[c-nsp] DDoS help please

Gert Doering gert at greenie.muc.de
Tue Dec 11 15:48:15 EST 2012


Hi,

On Tue, Dec 11, 2012 at 11:19:08AM -0800, Mike wrote:
> 53 except to/from my servers. I don't want to cut/paste and create a new 
> access list for this customer, I just want to be able to add some 
> additional rules on top of the default filter set. Surely there has to 
> be a way to do this?

Not easily, as IOS only supports a single ingress and a single egress
ACL per interface, and you can't "include" other ACLs.

You might trick this by using an *ingress* ACL on the LAN port of your
7201 to drop that particular traffic, or by using QoS to police these
packets down to 1kbit/s... (you can have QoS policies in addition to
an egress ACL).

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de
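
The two workarounds described in the message above, sketched as IOS configuration. This is an added example, not part of the original post: the interface names, ACL and policy names, the addresses (documentation ranges) and the exact traffic class (port 53 to or from the customer, except the provider's own server) are assumptions, and only one of the two options would be applied.

```cisco
! Constructed example. Assumed layout on the 7201:
!   GigabitEthernet0/1 = LAN port (traffic for the customer enters here)
!   GigabitEthernet0/2 = customer port, already carrying the shared egress
!                        ACL DEFAULT-FILTER (placeholder name)
!   192.0.2.53         = provider DNS server (placeholder)
!   198.51.100.0/24    = customer prefix (placeholder)

! --- Option 1: ingress ACL on the LAN port -------------------------------
! Here "deny" means drop. Assumes the LAN port has no ingress ACL yet,
! since only one is allowed per interface and direction.
ip access-list extended LAN-IN-CUST-A
 permit ip host 192.0.2.53 198.51.100.0 0.0.0.255
 deny   udp any 198.51.100.0 0.0.0.255 eq domain
 deny   udp any eq domain 198.51.100.0 0.0.0.255
 deny   tcp any 198.51.100.0 0.0.0.255 eq domain
 deny   tcp any eq domain 198.51.100.0 0.0.0.255
 permit ip any any
!
interface GigabitEthernet0/1
 ip access-group LAN-IN-CUST-A in

! --- Option 2: QoS policer next to the unchanged egress ACL --------------
! Here the ACL only classifies: "permit" = put in the policed class,
! "deny" = leave alone. DEFAULT-FILTER is not touched.
ip access-list extended CUST-A-DNS-EXTRA
 deny   ip host 192.0.2.53 198.51.100.0 0.0.0.255
 permit udp any 198.51.100.0 0.0.0.255 eq domain
 permit udp any eq domain 198.51.100.0 0.0.0.255
 permit tcp any 198.51.100.0 0.0.0.255 eq domain
 permit tcp any eq domain 198.51.100.0 0.0.0.255
!
class-map match-all CUST-A-DNS-EXTRA
 match access-group name CUST-A-DNS-EXTRA
!
policy-map CUST-A-OUT
 class CUST-A-DNS-EXTRA
  ! 8000 bit/s assumed as the lowest rate the platform accepts;
  ! the message suggests policing down to about 1 kbit/s.
  police 8000 conform-action transmit exceed-action drop
!
interface GigabitEthernet0/2
 ip access-group DEFAULT-FILTER out
 service-policy output CUST-A-OUT
```

With option 2, `show policy-map interface GigabitEthernet0/2` shows the conformed and exceeded counters for the class, which confirms the classification ACL is matching the intended traffic.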