Firewall Wizards mailing list archives

Re: Enforcing content filtering with PIX515E

From: "Christopher J. Wargaski" <wargo1 () gmail com>
Date: Tue, 22 Jan 2008 22:28:12 -0600

Hey Ian--

   The source TCP port will be (nearly) random, but your workstations
will be configured to proxy to Surf Control at TCP port 8081. You
first want to permit that traffic, then explicitly deny HTTP access
elsewhere. Finally, allow the rest of your stuff.

access-list acl_in permit tcp any host <surfcontrol's IP> eq 8081
access-list acl_in deny tcp any any eq 80
access-list acl_in permit icmp any any
access-list acl_in permit ip any any
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Enforcing content filtering with PIX515E Ian Rarity (Jan 22)
- Re: Enforcing content filtering with PIX515E Josh (Jan 22)
- Re: Enforcing content filtering with PIX515E Victor Williams (Jan 22)
  - Re: Enforcing content filtering with PIX515E Miedaner (Jan 23)
- Re: Enforcing content filtering with PIX515E Christopher J. Wargaski (Jan 22)
  - Re: Enforcing content filtering with PIX515E Ian Rarity (Jan 28)
- Re: Enforcing content filtering with PIX515E Paul D. Robertson (Jan 22)