[e-nsp] TCP access list / EW 7.6
Stéphane Grosjean
Stephane.Grosjean at telindus.fr
Mon Aug 27 06:32:01 EDT 2007
Hello,
Strange behaviour... Did you configure it that way?
create access-list deny_137 tcp dest any ip-port 137 source any ip-port any deny ports any
Stephane.
>I have an access list like that:
>* Alpine3808:31 # show access-list
> Rule Dest/mask:L4DP Src/mask:L4SP Flags Hits
>port_137 0.0.0.0 /0 :137 0.0.0.0 /0 :0 T-D-X 0
>Flags: I=IP, T=TCP, U=UDP, E=Established, M=ICMP, G=IGMP
> P=Permit Rule, D=Deny Rule
> N=Port Specific Rule, X=Any Port
>
>but, if I try to do a telnet to port 137 it is not notified in "Hits" and it
>is not dropped.
>As far as I could see, only pure IP ACLs work, but TCP and UDP do not.