[rbak-nsp] Policy access-list

Bartek Mickiewicz bmtych at gmail.com
Fri Jul 12 03:53:38 EDT 2019


I've used your acl but without effect, still can access port 88 from other
IP's than x and y. Those three statements are my first three in ACL.

On Fri, 12 Jul 2019, 09:36 Анатолий Соломатин, <solomatin.av at gmail.com>
wrote:

> HI,
> seq 96 permit tcp host xx.xx.xx.xx any eq 88 class Permit
> seq 97 permit tcp host yy.yy.yy.yy any eq 88 class Permit
> seq 98 permit tcp any any eq 88 class Deny
>
> "
> 1.1.2   IP ACL Statements (Rules)
> <http://localhost:9032/alexserv?AC=LINK&ID=26857&FN=35_1543-CRA1191170_1-V1Uen.M.html&PA=access-list&ST=FULLTEXT#TOP>
> In IP ACLs, each rule defines the action, either permit or deny, to be
> taken for a packet if the packet satisfies the rule. A *permit* statement
> causes any packet matching the criteria to be accepted. A *deny*
> statement causes any packet matching the criteria to be dropped. A packet
> that does not match the criteria of the first statement is subjected to the
> criteria of the second statement, and so on, until the end of the IP ACL
> is reached; at which point, the packet is dropped due to an implicit *deny
> any any* statement at the end of every IP ACL."
>
> пт, 12 июл. 2019 г. в 11:49, Bartek Mickiewicz <bmtych at gmail.com>:
>
>> Hi,
>> I'm having problem with policy access-list. I want to block all incoming
>> connections to port 88 and allow two IP addresses to access that port.
>> I've tried:
>> seq 98 permit tcp any any eq 88 class Deny
>> seq 103 permit tcp host xx.xx.xx.xx any eq 88 class Permit
>> seq 103 permit tcp host yy.yy.yy.yy any eq 88 class Permit
>> _______________________________________________
>> redback-nsp mailing list
>> redback-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/redback-nsp
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/redback-nsp/attachments/20190712/3849a30c/attachment.htm>


More information about the redback-nsp mailing list