nanog mailing list archives

Re: it's here

From: kevin graham <kgraham () dotnetdotcom org>
Date: Wed, 13 Feb 2002 10:55:03 -0800 (PST)

OK, but that's filtering.  The telnet/ssh/snmp daemon is still
listening on all interfaces.  You can't get there, as long as your
filter stands, but those are some hard filters to write.


Creating a 'source interface' ACL for local services (vty's, snmp, sshd,
*cough* httpd), etc would suit the purpose nicely, and make the GRE
approach feasible w/o touching production paths. ...and an on-going wish
of mine for an 'evaluate <extended _or_ reflexive>' syntax would simplify
the maintance of ACL's in general.  But of course, even under 12.2
snmp-server still insists on numbered acl's so maybe this is all overly
optimistic.

..kg..

Current thread:

Re: it's here, (continued)
- - - Re: it's here Sean Donelan (Feb 12)
    - Re: it's here Jon O . (Feb 12)
    - Re: it's here Ron da Silva (Feb 13)
    - Re: it's here Eric Brandwine (Feb 13)
    - Re: it's here jerry scharf (Feb 13)
    - Re: it's here jlewis (Feb 13)
    - Re: it's here William Allen Simpson (Feb 13)
    - Re: it's here Jared Mauch (Feb 13)
    - Re: it's here Jesper Skriver (Feb 13)
    - Re: it's here Eric Brandwine (Feb 13)
    - Re: it's here kevin graham (Feb 13)
    - Re: it's here Jesper Skriver (Feb 13)
    - Re: it's here Jake Khuon (Feb 13)
    - Re: it's here Steve Noble (Feb 13)
    - RE: it's here Tony Hain (Feb 13)
    - Re: it's here Eric Brandwine (Feb 13)
    - Re: it's here Christopher L. Morrow (Feb 13)
    - Re: it's here Ron da Silva (Feb 13)
    - Re: it's here Stephen Sprunk (Feb 14)
    - RE: it's here Deepak Jain (Feb 14)
- RE: it's here Jon Stanley (Feb 13)