Understanding access list information

Can anyone provide me with information as to what the below information means?

Standard IP access list 1
    10 permit 172.0.0.0, wildcard bits 0.255.255.255 (23814 matches)
Extended IP access list 105
    10 permit ip any host 204.8.194.249 (1092026 matches)
    20 permit ip any 204.8.194.240 0.0.0.15 log (5866507 matches)
    30 permit ip any any (130076 matches)
Extended IP access list 110
    10 deny tcp any any eq 445 (66 matches)
    20 deny tcp any any eq 139 (31 matches)
    30 deny icmp host 172.18.0.106 any (479921 matches)
    40 permit ip any any (681809 matches)

Thank you

Reply to
Jason

Permits anybody from the 172 network, and there were 23814 requests that matched this.

Permits anybody to get to 204.8.194.249, and lots did.

Similar to above

Permits anybody to go anywhere.

Blocks access to port 445

Blocks access to port 139

Blocks ICMP requests from that host to anywhere.

Permits anybody to go anywhere.

The rules are applied in order.

Reply to
David Kerber

How can I prevent someone from getting to this, or is there a way I can hide this IP address from the public?

How can I prevent someone from getting to this, or is there a way I can hide this IP address from the public?

Blocks access to port 445, can people come across this port to send a virus?

Blocks access to port 139, can people come across this port to send a virus?

If I understand you, this will block ping requests from this host to anywhere, is there a way I can open this to be able to ping?

Can I limit where people go, add IP addresses or website addresses in here?

Thank you for your information

Reply to
Jason

How can I limit where people go, add IP addresses or website addresses in here?

Maybe you know this but you did not mention it.

Of course the operational behaviour depends on the "ip access-group in/out" statements applied to interfaces. The access lists on their own do not do anything :)

The "matches" correspond to the number of packets matched by the particular access list entry. Sorry, maybe I am being over pedantic but I thought that the use of "requests" by David could be confusing. It is just packets.

Reply to
bod43

How can I limit where people go, add IP addresses or website addresses in here?

Hi,

A little tip for you: at the end of my access lists I do an explicit deny rather than an implicit deny, this allows logging of denied packets. It is easier to troubleshoot something you can see being dropped :)

Reply to
tweety
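An added example, not code from any of the posters: a simplified Python model of access list 110 from the question. It shows first-match evaluation, wildcard-bit matching, the per-entry match counters, and why a packet that falls through to the implicit deny is not counted anywhere. The names `Entry`, `wild_match`, `acl_110` and `evaluate` are hypothetical, the packets are constructed samples, and real IOS matching has more criteria than are modelled here.

```python
import ipaddress
from dataclasses import dataclass

ANY = ("0.0.0.0", "255.255.255.255")   # "any": every address bit is ignored

def wild_match(addr, base, wildcard):
    """Cisco wildcard mask: bits set to 1 in the mask are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

@dataclass
class Entry:
    seq: int
    action: str            # "permit" or "deny"
    proto: str             # "ip" matches every protocol
    src: tuple             # (address, wildcard bits)
    dst: tuple
    dport: int = None      # None means no "eq <port>" condition
    hits: int = 0          # the "(N matches)" counter, counted in packets

    def matches(self, pkt):
        return (self.proto in ("ip", pkt["proto"])
                and wild_match(pkt["src"], *self.src)
                and wild_match(pkt["dst"], *self.dst)
                and (self.dport is None or pkt.get("dport") == self.dport))

def acl_110():
    """Access list 110 as shown in the question, counters reset to zero."""
    return [
        Entry(10, "deny", "tcp", ANY, ANY, 445),
        Entry(20, "deny", "tcp", ANY, ANY, 139),
        Entry(30, "deny", "icmp", ("172.18.0.106", "0.0.0.0"), ANY),  # "host"
        Entry(40, "permit", "ip", ANY, ANY),
    ]

def evaluate(acl, pkt):
    """First matching entry wins; no match is the implicit deny (no counter)."""
    for entry in acl:
        if entry.matches(pkt):
            entry.hits += 1
            return entry.action, entry.seq
    return "deny", None

if __name__ == "__main__":
    acl = acl_110()
    for pkt in ({"proto": "tcp", "src": "10.1.1.1", "dst": "10.2.2.2", "dport": 445},
                {"proto": "icmp", "src": "172.18.0.106", "dst": "192.0.2.1"},
                {"proto": "tcp", "src": "10.1.1.1", "dst": "10.2.2.2", "dport": 80}):
        print(pkt, "->", evaluate(acl, pkt))   # constructed sample packets
```

Dropping entry 40 makes the port 80 packet return `("deny", None)` with every counter still at zero, which is the visibility gap an explicit final deny with logging closes.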

Depends on the platform. I've not checked on this recently, but on some platforms (e.g. 6500) the count *may* be the number of initial packets referred to the supervisor or MSFC before the flow is handed off for lower level processing. (And that's a horribly imprecise description - I'm sure there are people here who can do better.)

Sam

Reply to
Sam Wilson

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.