[c-nsp] access rule question
Deric Kwok
deric.kwok2000 at gmail.com
Thu Oct 30 09:06:19 EDT 2014
Hi
I configure the access rule to put it in access-group in interface
to prevent to use our network to attack outside
I can see the "matches" in access-list
Extended IP access list attack
30 deny udp any eq 1910 any eq 123 (124061 matches)
500 permit ip any any (615041 matches)
but when I add new rule and unbind the old access-group in interface and
bind the new access-group
Why don't have any matching in the access-list
Extended IP access list attack2
40 deny udp any eq 1910 any
500 permit ip any any
In addition, what is different between
ip access-group attack2 in
and
ip access-group attack2 out
Thank you
More information about the cisco-nsp
mailing list