[c-nsp] router packets & outbound acl
Ian Dickinson
iand at eng.pipex.net
Fri Oct 19 17:39:12 EDT 2007
Oliver Boehmer (oboehmer) wrote:
> *any* self-originated packet (for example a ping or telnet or routing
> protocol packet sent by the router) is not subject to outbound ACL
> checking.
> I guess the reasoning goes along the line: If you don't want to ping
> outside the router, then don't ping ;-)
AFAIK the only way to achieve something similar to this (should it be
required) would be to apply an outbound service-policy to the control-plane,
but you won't get to match on the output interface here, only on packet
header/content stuff - so it's not a direct equivalent really.
--
Ian Dickinson
Senior Network Development Engineer
Pipex Communications
ian.dickinson at pipex.net
http://www.pipex.net
This e-mail is subject to: http://www.pipex.net/disclaimer.html
More information about the cisco-nsp
mailing list