[c-nsp] router packets & outbound acl
Oliver Boehmer (oboehmer)
oboehmer at cisco.com
Fri Oct 19 02:52:20 EDT 2007
Tassos Chatzithomaoglou wrote on Thursday, October 18, 2007 11:29 PM:
> I heard recently (during a Cisco technical presentation) that packets
> sourced by the router itself are not affected by an outbound acl
> defined on a router's interface; something that -at first- seemed a
> little bit strange to me.
>
> I guess that seems normal in the following scenario:
> 1) the packet has the E0 ip as its source
> 2) the destination ip is routed through E0
> 3) you apply the outbound acl in E0
>
> But what happens if the packet has its source on another interface
> from the one that the packet must pass in order to reach the
> destination?
*Any* self-originated packet (for example a ping or telnet or routing
protocol packet sent by the router) is not subject to outbound ACL
checking.
I guess the reasoning goes along the line: If you don't want to ping
outside the router, then don't ping ;-)
oli