[f-nsp] UDP 'established' ACL?
David Miller
dmiller at metheus.org
Thu Mar 31 17:06:17 EDT 2011

ServerIron running 10.2.01oTI4

My setup is a more secure layer with utilities and databases, and a
layer for the boxes that have to talk to the 'net.

I currently have an ACL that lets a more-secure box establish TCP
connections to the less secure layer:

permit tcp 192.168.120.0 0.0.0.255 192.168.140.0 0.0.0.255 established

I'm installing SNMP now, and would like to have the equivalent rule for
UDP - i.e., any host on the more secure layer able to send UDP packets and
get the response back. I tried this:

permit udp 192.168.120.0 0.0.0.255 192.168.140.0 0.0.0.255 established

and it doesn't raise any syntax errors, but it doesn't allow packets to
return to the SNMP box.

What am I missing here?

Thanks,
--- David