[f-nsp] ACL's on VE Int's (SI XL)

Cliff Albert cliff-nsp at oisec.net
Thu Dec 9 02:16:45 EST 2004


On Thu, Dec 09, 2004 at 10:29:42AM +1000, Michael Bellears wrote:

> Is it possible to apply an ACL to a VE Int? (I don't think it is...)
> 
> Would I have to apply the acl to the eth int? Or is it not recommended
> to use the SI as a "simple" firewall?
> (I wanted to only allow arbitrary connections to ports 21,80+443 to the
> real servers - And do not have a spare FW atm!)

conf term
 int ve 2
   ip access-group flow-mode
   ip access-group 100 in

Should do the trick, at least on BigIron/NetIron Foundry Boxen.

-- 
Cliff Albert <cliff at oisec.net>

