<div dir="auto">I've used your ACL but without effect; I can still access port 88 from IPs other than x and y. Those three statements are my first three in the ACL. </div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, 12 Jul 2019, 09:36 Анатолий Соломатин, <<a href="mailto:solomatin.av@gmail.com">solomatin.av@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi,<div><span style="font-family:sans-serif;font-size:12.8px">seq 96 permit tcp host xx.xx.xx.xx any eq 88 class Permit</span><br style="font-family:sans-serif;font-size:12.8px"><span style="font-family:sans-serif;font-size:12.8px">seq 97 permit tcp host yy.yy.yy.yy any eq 88 class Permit</span> <br><div><span style="font-family:sans-serif;font-size:12.8px">seq 98 permit tcp any any eq 88 class Deny</span><br style="font-family:sans-serif;font-size:12.8px"><br></div><div>"</div><div class="m_1102287158426943113gmail-body-content" id="m_1102287158426943113gmail-content"><h3><a name="m_1102287158426943113_i1138843" rel="noreferrer"></a><a name="m_1102287158426943113__C4" rel="noreferrer"></a><span class="m_1102287158426943113gmail-CHAPNUMBER">1.1.2 </span><span class="m_1102287158426943113gmail-CHAPTITLE"><a name="m_1102287158426943113_id_eovj" rel="noreferrer"></a><a name="m_1102287158426943113_CHAPTER1.1.2" class="m_1102287158426943113gmail-CHAPLINK" href="http://localhost:9032/alexserv?AC=LINK&ID=26857&FN=35_1543-CRA1191170_1-V1Uen.M.html&PA=access-list&ST=FULLTEXT#TOP" target="_blank" rel="noreferrer">IP ACL Statements (Rules)</a></span></h3></div><div>In <a title="Internet Protocol" class="m_1102287158426943113gmail-glossexpansion" rel="noreferrer">IP</a> <a title="Access Control List" class="m_1102287158426943113gmail-glossexpansion" rel="noreferrer">ACLs</a>, each rule defines the action, either permit or deny, to be taken for a packet if the packet satisfies the rule. 
A <tt class="m_1102287158426943113gmail-input"><b>permit</b></tt> statement causes any packet matching the criteria to be accepted. A <tt class="m_1102287158426943113gmail-input"><b>deny</b></tt> statement causes any packet matching the criteria to be dropped. A packet that does not match the criteria of the first statement is subjected to the criteria of the second statement, and so on, until the end of the <a title="Internet Protocol" class="m_1102287158426943113gmail-glossexpansion" rel="noreferrer">IP</a> <a title="Access Control List" class="m_1102287158426943113gmail-glossexpansion" rel="noreferrer">ACL</a> is reached; at which point, the packet is dropped due to an implicit <tt class="m_1102287158426943113gmail-input"><b>deny any any</b></tt> statement at the end of every <a title="Internet Protocol" class="m_1102287158426943113gmail-glossexpansion" rel="noreferrer">IP</a> <a title="Access Control List" class="m_1102287158426943113gmail-glossexpansion" rel="noreferrer">ACL</a>."</div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">Fri, 12 Jul 2019 at 11:49, Bartek Mickiewicz <<a href="mailto:bmtych@gmail.com" target="_blank" rel="noreferrer">bmtych@gmail.com</a>>:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="auto">Hi,<div dir="auto">I'm having a problem with policy access-list. I want to block all incoming connections to port 88 and allow two IP addresses to access that port. 
</div><div dir="auto">I've tried:</div><div dir="auto"><span style="font-family:sans-serif;font-size:12.8px">seq 98 permit tcp any any eq 88 class Deny</span><br style="font-family:sans-serif;font-size:12.8px"><span style="font-family:sans-serif;font-size:12.8px">seq 103 permit tcp host xx.xx.xx.xx any eq 88 class Permit</span><br style="font-family:sans-serif;font-size:12.8px"><span style="font-family:sans-serif;font-size:12.8px">seq 103 permit tcp host yy.yy.yy.yy any eq 88 class Permit</span><br></div></div>
_______________________________________________<br>
redback-nsp mailing list<br>
<a href="mailto:redback-nsp@puck.nether.net" target="_blank" rel="noreferrer">redback-nsp@puck.nether.net</a><br>
<a href="https://puck.nether.net/mailman/listinfo/redback-nsp" rel="noreferrer noreferrer" target="_blank">https://puck.nether.net/mailman/listinfo/redback-nsp</a><br>
</blockquote></div>
</blockquote></div>
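<div>A model of the first-match evaluation described in the documentation excerpt quoted in this thread, run over both statement orders posted above. This is an added example, not code from the thread or from the vendor. The addresses are constructed stand-ins for the masked xx/yy hosts, class names are treated as labels only, and the function names are hypothetical.</div>

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    seq: int     # sequence number from the statement
    src: str     # "any" or a single host address
    dport: int   # destination TCP port ("eq N")
    cls: str     # class label assigned by the statement

def classify(rules, src_ip, dport):
    """Return (seq, class) of the first statement that matches, in seq order.

    If nothing matches, the end of the list is reached and the implicit
    deny described in the quoted documentation applies.
    """
    src = ipaddress.ip_address(src_ip)
    for rule in sorted(rules, key=lambda r: r.seq):
        src_ok = rule.src == "any" or ipaddress.ip_address(rule.src) == src
        if src_ok and rule.dport == dport:
            return rule.seq, rule.cls
    return None, "implicit deny"

# Constructed stand-ins for the masked hosts in the thread.
HOST_X, HOST_Y, OTHER = "192.0.2.10", "192.0.2.20", "198.51.100.7"

# Order from the original post: the any/any statement has the lowest seq.
# Both host statements were posted with seq 103 and are kept as posted.
FIRST_ATTEMPT = [
    Rule(98, "any", 88, "Deny"),
    Rule(103, HOST_X, 88, "Permit"),
    Rule(103, HOST_Y, 88, "Permit"),
]

# Order from the reply: host statements precede the any/any statement.
REORDERED = [
    Rule(96, HOST_X, 88, "Permit"),
    Rule(97, HOST_Y, 88, "Permit"),
    Rule(98, "any", 88, "Deny"),
]

if __name__ == "__main__":
    for name, acl in (("first attempt", FIRST_ATTEMPT), ("reordered", REORDERED)):
        for ip in (HOST_X, HOST_Y, OTHER):
            print(name, ip, classify(acl, ip, 88))
```

The model only shows which statement wins under first-match ordering; whether traffic in a given class is actually dropped depends on how the ACL and its classes are applied on the router, which the thread does not show.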