Firewall Wizards mailing list archives
Re: PIX 520 - Converting conduits to access-lists
From: "Jean Caron" <caronj () norac net>
Date: Wed, 23 Oct 2002 09:08:47 -0400
See below... Eye Am writes:
<snip>
Old conduits: conduit permit tcp host my.public.addy.here eq ftp any conduit permit tcp host my.public.addy.here eq domain any conduit permit udp host my.public.addy.here eq domain any conduit permit tcp host my.public.addy.here eq ftp-data any So I made the following access-lists/groups access-list DMZ_IN permit tcp any host my.public.addy.here eq ftp (hitcnt=0)access-list DMZ_IN permit tcp any host my.public.addy.here eq ftp-data(hitcnt=0)access-list DMZ_IN permit udp any host my.public.addy.here eq domain(hitcnt=0)access-list DMZ_IN permit tcp any host my.public.addy.here eq domain(hitcnt=0) access-group DMZ_IN in interface DMZ
<snip> try changing the syntax to something like this;access-list DMZ_IN permit tcp host my.public.addy.here any eq ftp
Jean _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- PIX 520 - Converting conduits to access-lists Eye Am (Oct 23)
- Re: PIX 520 - Converting conduits to access-lists Jean Caron (Oct 23)
- <Possible follow-ups>
- Re: PIX 520 - Converting conduits to access-lists Miha Vitorovic (Oct 23)