[f-nsp] ACL's on VE Int's (SI XL)
Cliff Albert
cliff-nsp at oisec.net
Thu Dec 9 02:16:45 EST 2004
On Thu, Dec 09, 2004 at 10:29:42AM +1000, Michael Bellears wrote:
> Is it possible to apply an ACL to a VE Int? (I don't think it is...)
>
> Would I have to apply the acl to the eth int? Or is it not recommended
> to use the SI as a "simple" firewall?
> (I wanted to only allow arbitrary connections to ports 21,80+443 to the
> real servers - And do not have a spare FW atm!)
conf term
int ve 2
ip access-group flow-mode
ip access-group 100 in
Should do the trick, atleast on BigIron/NetIron Foundry Boxen.
--
Cliff Albert <cliff at oisec.net>
More information about the foundry-nsp
mailing list