How to add a rule to the beginning of the ACL?

Cisco PIX,

I have an ACL and when I'm adding a rule it's being placed at the end of the list... and I have zero matches, so as I conclude I have to add this to the beginning of the ACL. How to do this?? D

P.S. Precisely, I want to block one special host from the rest of the network (access-list acl_inside deny ip host 10.0.1.23 any).

Dominik

To do that, you have to reprogram your ACL. You can't add ACL statements to the top of ACLs.

"Dominik" wrote in message news:e0tmns$fmj$ snipped-for-privacy@atlantis.news.tpi.pl...

CCNA Nerd

Sorry, but that's wrong; you can of course insert lines wherever you want in a PIX ACL. That's what the "lines" statement does for you.

Example: access-list outside line 4 permit tcp any any eq 80. That would insert the statement into the 4th line of the ACL.

A simple "show access-list" will show you the ACL with all the line numbers, so you don't have to count them.

-Brian

Brian V
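To make the ordering point concrete, here is an added example (not code from the thread or from Cisco) that models first-match ACL evaluation: a deny appended after a broader permit is never reached and shows zero hits, while the same entry inserted at line 1 matches. The ACL contents, hosts and packets are constructed for illustration.

```python
"""Added example: why a deny appended to the end of an ACL gets zero hits."""
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

# An access-control entry (ACE): (action, protocol, source net, destination net).
Ace = Tuple[str, str, str, str]

def ace_matches(ace: Ace, proto: str, src: str, dst: str) -> bool:
    action, ace_proto, ace_src, ace_dst = ace
    if ace_proto not in ("ip", proto):      # "ip" covers every protocol
        return False
    return (ip_address(src) in ip_network(ace_src)
            and ip_address(dst) in ip_network(ace_dst))

def evaluate(acl: List[Ace], proto: str, src: str, dst: str) -> Tuple[str, Optional[int]]:
    """First-match evaluation: return (action, 1-based line) of the first hit.
    Like the PIX, the list ends with an implicit deny, reported as line None."""
    for line, ace in enumerate(acl, start=1):
        if ace_matches(ace, proto, src, dst):
            return ace[0], line
    return "deny", None

def insert_line(acl: List[Ace], line: int, ace: Ace) -> List[Ace]:
    """Equivalent of `access-list NAME line N ...`: insert as line N, pushing the rest down."""
    new = list(acl)
    new.insert(line - 1, ace)
    return new

def hit_counts(acl: List[Ace], packets) -> List[int]:
    """Per-line hit counters, like the hitcnt column of `show access-list`."""
    counts = [0] * len(acl)
    for proto, src, dst in packets:
        _, line = evaluate(acl, proto, src, dst)
        if line is not None:
            counts[line - 1] += 1
    return counts

# Constructed acl_inside: a broad permit already sits at line 1.
ACL_INSIDE: List[Ace] = [("permit", "ip", "10.0.0.0/16", "0.0.0.0/0")]
BLOCK_HOST: Ace = ("deny", "ip", "10.0.1.23/32", "0.0.0.0/0")
# Constructed traffic: one packet from the host to block, one from another inside host.
PACKETS = [("tcp", "10.0.1.23", "192.0.2.10"), ("tcp", "10.0.2.5", "192.0.2.10")]

def appended() -> List[Ace]:
    return ACL_INSIDE + [BLOCK_HOST]        # what a plain `access-list ... deny` does

def inserted() -> List[Ace]:
    return insert_line(ACL_INSIDE, 1, BLOCK_HOST)   # `access-list acl_inside line 1 deny ...`

if __name__ == "__main__":
    print("appended hitcnt:", hit_counts(appended(), PACKETS))   # [2, 0]: deny never hit
    print("line 1 hitcnt:  ", hit_counts(inserted(), PACKETS))   # [1, 1]: host now denied
```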

Didn't know that. Know it now.

Thanks

"Brian V" wrote in message news:9smdnWnxgaugIa_ZnZ2dnUVZ snipped-for-privacy@comcast.com...

CCNA Nerd

That's also the case with ACLs in IOS as of 12.2(14)S, see ..

BernieM

BernieM

Thanks for the answers - now everything is clear for me. Best regards, D

Dominik


Forgive me if I'm wrong, but could you not copy the ACL into Notepad, add the new line where needed, delete it from your config and then recreate it by pasting in the text from Notepad? Cumbersome but workable, isn't it?

John

langfordfac


Workable but risky ... think before you act ... if the ACL is being applied to the interface you're using to access the router, as soon as the first line is applied you lock yourself out ... explicit deny gets you every time ... it's gotten me a couple of times.

It's not good practice in a production environment when there are other options available.

BernieM

BernieM
