Hi there !
In 6.3 it was possible to remove an entire ACL with "no acl ". This no longer works in PIX 7 - one has to remove every single line. Is this a bug or a feature, or am I doing anything wrong? What about v8?
TIA
fw
You can do it with
firewall(config)# clear configure access-list [acl-name]
What kind of syntax is that? Never seen it. With the mentioned behavior, is it possible to delete single lines in an ACL without having to re-create the whole list?
Regards
fw
You've always been able to delete individual lines on a Pix/ASA ACL, simply use the exact syntax, i.e. no access-list outside permit tcp any host 1.1.1.1 eq smtp
My guess is they removed the possibility to inadvertently delete a whole access-list when managing it.
Yes, you can either remove an entire access list or single entries from it. You can also insert an entry into the middle of an access list.
PIX(config)# show access-list
access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096) alert-interval 300
access-list inbound; 4 elements
access-list inbound line 1 remark * Telnet
access-list inbound line 2 extended permit tcp any host 10.1.1.1 eq ssh (hitcnt=0)
access-list inbound line 3 extended permit tcp any host 10.1.1.1 eq telnet (hitcnt=0)

PIX(config)# access-list inbound line 3 remark * SSH
PIX(config)# show access-list
access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096) alert-interval 300
access-list inbound; 4 elements
access-list inbound line 1 remark * Telnet
access-list inbound line 2 extended permit tcp any host 10.1.1.1 eq ssh (hitcnt=0)
access-list inbound line 3 remark * SSH
access-list inbound line 4 extended permit tcp any host 10.1.1.1 eq telnet (hitcnt=0)

PIX(config)# no access-list inbound line 3 remark * SSH
PIX(config)# show access-list
access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096) alert-interval 300
access-list inbound; 4 elements
access-list inbound line 1 remark * Telnet
access-list inbound line 2 extended permit tcp any host 10.1.1.1 eq ssh (hitcnt=0)
access-list inbound line 3 extended permit tcp any host 10.1.1.1 eq telnet (hitcnt=0)
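An added example, not from this thread or from Cisco: a small Python helper that parses the `show access-list` output shape shown above and emits the exact `no access-list <name> line N ...` commands needed to remove chosen entries one at a time, since, as the earlier reply notes, the syntax has to match the entry exactly (the `(hitcnt=N)` counter is display only and must be dropped). The sample output is constructed from this thread, and the function names are my own; for dropping a whole list the `clear configure access-list` command mentioned earlier is simpler.

```python
import re

# Constructed sample in the shape of the PIX 7 'show access-list' output above.
SAMPLE_SHOW_ACCESS_LIST = """\
PIX(config)# show access-list
access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096) alert-interval 300
access-list inbound; 4 elements
access-list inbound line 1 remark * Telnet
access-list inbound line 2 extended permit tcp any host 10.1.1.1 eq ssh (hitcnt=0)
access-list inbound line 3 extended permit tcp any host 10.1.1.1 eq telnet (hitcnt=0)
"""

# One ACE or remark line; the trailing hit counter is optional and not part of the entry.
ENTRY_RE = re.compile(
    r"^access-list (?P<acl>\S+) line (?P<line>\d+) (?P<body>.+?)(?: \(hitcnt=\d+\))?$"
)


def parse_show_access_list(text):
    """Return {acl_name: [(line_number, body), ...]} from 'show access-list' output.

    The prompt, the 'cached ACL log flows' header and the '<name>; N elements'
    summary line do not match ENTRY_RE and are skipped.
    """
    acls = {}
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            acls.setdefault(m["acl"], []).append((int(m["line"]), m["body"]))
    return acls


def removal_commands(acls, acl_name, drop_lines=None):
    """Build the exact 'no access-list ...' commands that delete the chosen entries.

    drop_lines is a set of line numbers; None means every entry of the list.
    Commands are ordered from the highest line number down, because deleting
    an entry renumbers everything after it, so removing from the bottom keeps
    the remaining line numbers valid while the commands are pasted in order.
    """
    entries = acls.get(acl_name, [])
    chosen = [e for e in entries if drop_lines is None or e[0] in drop_lines]
    return [f"no access-list {acl_name} line {n} {body}"
            for n, body in sorted(chosen, reverse=True)]


if __name__ == "__main__":
    parsed = parse_show_access_list(SAMPLE_SHOW_ACCESS_LIST)
    for cmd in removal_commands(parsed, "inbound", {2}):
        print(cmd)
```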