Hi all,
I have played with the access list of my Cisco 857. I've come up with the following through searching the web, Usenet and Cisco manuals, SDM ....
What do you think I should improve or change? This is access list 102 -- incoming traffic from the WAN/ATM interface
Situation: SOHO usage, and 1 BitTorrent client. Thanks in advance
access-list 102 remark Allow incoming DNS traffic
access-list 102 permit udp any eq domain any
access-list 102 remark Allow incoming web and dyndns reply
access-list 102 permit tcp any eq www any
access-list 102 remark Allow incoming NTP (123) 207.46.197.32
access-list 102 permit udp host 207.46.197.32 eq ntp any eq ntp
access-list 102 remark Allow BitTorrent traffic -- PC1
access-list 102 permit tcp any any eq 11478
access-list 102 permit udp any any eq 11478
access-list 102 remark Allow BitTorrent traffic -- PC2
access-list 102 permit tcp any any eq 56658
access-list 102 permit udp any any eq 56658
access-list 102 remark ICMP settings below
access-list 102 permit icmp any any echo-reply
access-list 102 permit icmp any any time-exceeded
access-list 102 permit icmp any any unreachable
access-list 102 permit udp any any eq ntp
access-list 102 remark Do not allow private addresses from the internet
access-list 102 deny ip 10.0.0.0 0.255.255.255 any
access-list 102 deny ip 172.16.0.0 0.15.255.255 any
access-list 102 deny ip 192.168.0.0 0.0.255.255 any
access-list 102 deny ip 127.0.0.0 0.255.255.255 any
access-list 102 deny ip host 255.255.255.255 any
access-list 102 deny ip host 0.0.0.0 any
access-list 102 deny ip any any log
dialer-list 1 protocol ip permit
Extended IP access list 102
    10 permit udp any eq domain any (1500 matches)
    20 permit tcp any eq www any (24 matches)
    30 permit udp host 207.46.197.32 eq ntp any eq ntp (28 matches)
    40 permit tcp any any eq 11478 (21347 matches)
    50 permit udp any any eq 11478 (26 matches)
    60 permit tcp any any eq 56658
    70 permit udp any any eq 56658
    80 permit icmp any any echo-reply (10 matches)
    90 permit icmp any any time-exceeded (12 matches)
    100 permit icmp any any unreachable (411 matches)
    110 permit udp any any eq ntp
    120 deny ip 10.0.0.0 0.255.255.255 any
    130 deny ip 172.16.0.0 0.15.255.255 any
    140 deny ip 192.168.0.0 0.0.255.255 any
    150 deny ip 127.0.0.0 0.255.255.255 any
    160 deny ip host 255.255.255.255 any
    170 deny ip host 0.0.0.0 any
    180 deny ip any any log (83 matches)
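
An added example, not part of the original post: IOS checks an extended ACL from the top and stops at the first matching entry, so this Python sketch parses the hit-count listing above and reports entries with no hits and, for each source-based deny, the `permit ... any` entries that are evaluated before it. The function names are hypothetical, and a zero hit count alone does not prove an entry is unreachable.

```python
import re
# Hit-count listing copied from the post above (sequence numbers as shown there).
SHOW_OUTPUT = """\
10 permit udp any eq domain any (1500 matches)
20 permit tcp any eq www any (24 matches)
30 permit udp host 207.46.197.32 eq ntp any eq ntp (28 matches)
40 permit tcp any any eq 11478 (21347 matches)
50 permit udp any any eq 11478 (26 matches)
60 permit tcp any any eq 56658
70 permit udp any any eq 56658
80 permit icmp any any echo-reply (10 matches)
90 permit icmp any any time-exceeded (12 matches)
100 permit icmp any any unreachable (411 matches)
110 permit udp any any eq ntp
120 deny ip 10.0.0.0 0.255.255.255 any
130 deny ip 172.16.0.0 0.15.255.255 any
140 deny ip 192.168.0.0 0.0.255.255 any
150 deny ip 127.0.0.0 0.255.255.255 any
160 deny ip host 255.255.255.255 any
170 deny ip host 0.0.0.0 any
180 deny ip any any log (83 matches)
"""
ENTRY = re.compile(r"^\s*(\d+) (permit|deny) (\S+) (.*?)(?: \((\d+) match(?:es)?\))?$")

def parse(text):
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            seq, action, proto, rest, hits = m.groups()
            tok = rest.split()  # source is "any", "host A" or "A wildcard"
            src = "any" if tok[0] == "any" else " ".join(tok[:2])
            entries.append({"seq": int(seq), "action": action, "proto": proto,
                            "src": src, "hits": int(hits or 0)})
    return entries

def zero_hit(entries):
    """Sequence numbers of entries that have never matched a packet."""
    return [e["seq"] for e in entries if e["hits"] == 0]

def permits_before_source_denies(entries):
    """Map each deny with a specific source to the earlier 'permit ... any' entries."""
    return {e["seq"]: [p["seq"] for p in entries[:i]
                       if p["action"] == "permit" and p["src"] == "any"]
            for i, e in enumerate(entries)
            if e["action"] == "deny" and e["src"] != "any"}

if __name__ == "__main__":
    acl = parse(SHOW_OUTPUT)
    print(zero_hit(acl), permits_before_source_denies(acl), sep="\n")
```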