I created an access list with one spot at line 30 that I reserved to put some IP address that I want all traffic blocked. So, in the case of an attack, even though I know the hosts will have intrusion detection, there are times where I still want to block that IP, if only to save log file space from all their attempts to log into "Administrator".
ip access-list extended ACLinbound permit tcp any any established permit tcp any 10.0.0.0 0.0.255.255 eq 80 deny ip host 72.0.206.240 any ...
However, to do this during an attack, I found I need to do the following:
configure terminal ip access-line extrended ACLinbound no 30
30 deny ip host any endIs there a better way to quickly tell a router to block any/all traffic ? usually, those blocks are needed just for a few minutes until the hacker moves on to a different IP address.