Hi all,
I've been told to add something to our router at work; the only problem is I don't have a good understanding of ACL syntax. I understand its principles and concept, but I would just like someone to see if it's correct. This is what I have entered into the router and it works fine, blocking access to ports on certain machines.
access-list 104 permit ip 192.168.1.0 0.0.0.255 any
access-list 104 permit tcp any XXX.XXX.XXX.0 0.0.0.31 established
access-list 104 permit tcp any host XXX.XXX.XXX.2 eq smtp
access-list 104 permit tcp any host XXX.XXX.XXX.2 eq ident
access-list 104 permit tcp any host XXX.XXX.XXX.2 eq pop3
access-list 104 permit tcp any host XXX.XXX.XXX.7 eq 7000
access-list 104 permit tcp any host XXX.XXX.XXX.7 eq 7001
access-list 104 permit tcp any host XXX.XXX.XXX.10 eq www
access-list 104 permit tcp any host XXX.XXX.XXX.10 eq ftp
access-list 104 permit tcp any host XXX.XXX.XXX.10 eq 1494
access-list 104 permit tcp any host XXX.XXX.XXX.10 eq 1604
access-list 104 permit tcp any host XXX.XXX.XXX.11 eq www
access-list 104 permit tcp any host XXX.XXX.XXX.11 eq 1494
access-list 104 permit tcp any host XXX.XXX.XXX.11 eq 1604
access-list 104 permit tcp any host XXX.XXX.XXX.13 eq www
access-list 104 permit tcp any host XXX.XXX.XXX.14 eq 300
access-list 104 permit tcp any host XXX.XXX.XXX.14 eq 360
access-list 104 permit tcp any host XXX.XXX.XXX.15 eq www
access-list 104 permit tcp any host XXX.XXX.XXX.15 eq smtp
access-list 104 permit tcp any host XXX.XXX.XXX.16 eq 22
access-list 104 permit tcp any host XXX.XXX.XXX.19 eq 300
access-list 104 permit ip any host XXX.XXX.XXX.20
access-list 104 permit tcp any host XXX.XXX.XXX.23 eq www
access-list 104 permit tcp any host XXX.XXX.XXX.23 eq 5800
access-list 104 permit tcp any host XXX.XXX.XXX.23 eq 5900
access-list 104 permit tcp any host XXX.XXX.XXX.24 eq www
access-list 104 permit tcp any host XXX.XXX.XXX.27 eq www
access-list 104 permit tcp any host XXX.XXX.XXX.28 eq www
access-list 104 permit tcp any host XXX.XXX.XXX.28 eq 90
access-list 104 permit ip any host XXX.XXX.XXX.30
access-list 104 permit udp XXX.XXX.XXX.0 0.0.0.15 any
access-list 104 permit icmp any any
access-list 104 deny ip any any log

Now I have been told to add the following to this list,
access-list 104 deny icmp any any echo
access-list 104 deny tcp any any eq 135
access-list 104 deny tcp any any eq 69
access-list 104 permit ip any any

Problem is, I have no idea what the top and bottom rows mean, any any echo and permit ip any any; I thought I denied all incoming IP traffic.
Someone just take a stab at this one; any info would probably get me started in the right direction.
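An added example, not code from the original post or the reply: a small evaluator that walks a numbered extended ACL the way IOS does (top down, first match wins, implicit deny ip any any at the end). It shows why any line appended after deny ip any any log can never match, and why a final permit ip any any would replace the implicit deny with a permit. The 203.0.113.x and 198.51.100.x addresses are constructed stand-ins for the XXX.XXX.XXX.x hosts, and shadowed() is a hypothetical helper, not an IOS command.

```python
# Added example, not from the original post: first-match evaluator for the numbered
# extended ACL syntax above. 203.0.113.x is a constructed stand-in for XXX.XXX.XXX.x.
import ipaddress

PORT_NAMES = {"smtp": 25, "pop3": 110, "www": 80, "ftp": 21, "ident": 113}
_ip = lambda s: int(ipaddress.ip_address(s))

def _addr(tok):                          # consume "any" | "host A" | "A wildcard"
    t = tok.pop(0)
    if t == "any":
        return lambda ip: True
    net = _ip(tok.pop(0)) if t == "host" else _ip(t)
    wild = 0 if t == "host" else _ip(tok.pop(0))   # wildcard 1-bits are "don't care"
    return lambda ip: (_ip(ip) | wild) == (net | wild)

def parse(line):
    tok = line.split()[2:]               # drop "access-list" and the list number
    r = {"action": tok.pop(0), "proto": tok.pop(0), "port": None, "established": False, "echo": False}
    r["any_any"] = tok[:2] == ["any", "any"]
    r["src"], r["dst"] = _addr(tok), _addr(tok)
    for opt in tok:                      # remaining tokens; "log" does not affect matching
        if opt in ("established", "echo"):
            r[opt] = True
        elif opt not in ("eq", "log"):   # the value after "eq": a port name or number
            r["port"] = PORT_NAMES.get(opt) or int(opt)
    return r

def matches(r, pkt):
    return (r["proto"] in ("ip", pkt["proto"])
            and r["src"](pkt["src"]) and r["dst"](pkt["dst"])
            and (r["port"] is None or pkt.get("dport") == r["port"])
            and (not r["established"] or pkt.get("established", False))
            and (not r["echo"] or pkt.get("icmp_type") == "echo"))

def evaluate(acl, pkt):                  # -> (line number, action); line 0 = implicit deny
    hits = [(n, r["action"]) for n, r in enumerate(acl, 1) if matches(r, pkt)]
    return hits[0] if hits else (0, "deny")

def shadowed(acl):                       # lines after an unqualified "ip any any" never match
    catch = [n for n, r in enumerate(acl, 1) if r["proto"] == "ip" and r["any_any"]]
    return list(range(catch[0] + 1, len(acl) + 1)) if catch else []

ACL = [parse(l) for l in """access-list 104 permit ip 192.168.1.0 0.0.0.255 any
access-list 104 permit tcp any host 203.0.113.2 eq smtp
access-list 104 permit icmp any any
access-list 104 deny ip any any log
access-list 104 deny icmp any any echo
access-list 104 deny tcp any any eq 135
access-list 104 permit ip any any""".splitlines()]   # constructed subset plus the suggested lines
print("lines that can never match:", shadowed(ACL))   # [5, 6, 7]
```

With the list as posted, the deny lines for echo and ports 135 and 69 only take effect if they sit above deny ip any any log, and the echo deny also has to sit above permit icmp any any. Whether the trailing permit ip any any belongs in the list at all depends on whether the intention is really to allow everything not explicitly denied.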

Looks like you are trying to block the blast.exe virus. The blast virus uses port 135 and tftp (port 69). Be careful about blocking port 135 if you have to sync your domains. If you block port 135, your domain servers will not sync. Better off to patch your systems first; if there are no other domain controllers on the other side of the network, block port 135. If you have domain controllers on the other side of the network, leave port 135 open. I am not sure why you need tftp other than for the comm eq.
