Deny

- J
- J1C
  
  Contact options for registered users
posted
19 years ago

Tue, Apr 26, 2005 4:45 PM

How can I block all inbound connection attempts from a particular IP address?

Loading thread data ...

- W
- Walter Roberson
  
  Contact options for registered users
Vote on answer
posted
19 years ago

Tue, Apr 26, 2005 5:40 PM

In article , J1C wrote: :How can I block all inbound connection attempts from a particular IP :address?

What platform? Which software and which features?

On the PIX, you would put a deny ip host HOSTIP any in the access-list you are applying as your access-group against the outside interface. You would need to put the line above any 'permit' of 'any' that you had.

On IOS, you would normally create a numbered access list in the range 100-199, something like

access-list 101 deny ip host HOSTIP any ! put any other restrictions here ! then make sure you permit everything else you want as the default ! is to deny if you have anything in the active ACL access-list 101 permit ip any any

then you would go into interface configuration mode for the outside interface and apply it:

interface FastEthernet0 ip access-group 101 in

- J
- J1C
  
  Contact options for registered users
Vote on answer
posted
19 years ago

Tue, Apr 26, 2005 7:02 PM

Sorry PIX 506e 6.3(3)

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.