Firewall Wizards mailing list archives

Re: PIX 520 - Converting conduits to access-lists


From: "Jean Caron" <caronj () norac net>
Date: Wed, 23 Oct 2002 09:08:47 -0400

See below... Eye Am writes:
<snip>
Old conduits:
conduit permit tcp host my.public.addy.here eq ftp any
conduit permit tcp host my.public.addy.here eq domain any
conduit permit udp host my.public.addy.here eq domain any
conduit permit tcp host my.public.addy.here eq ftp-data any

So I made the following access-lists/groups
access-list DMZ_IN permit tcp any host my.public.addy.here eq ftp (hitcnt=0)
access-list DMZ_IN permit tcp any host my.public.addy.here eq ftp-data (hitcnt=0)
access-list DMZ_IN permit udp any host my.public.addy.here eq domain (hitcnt=0)
access-list DMZ_IN permit tcp any host my.public.addy.here eq domain (hitcnt=0)
access-group DMZ_IN in interface DMZ
<snip>
Try changing the syntax to something like this:
access-list DMZ_IN permit tcp host my.public.addy.here any eq ftp

Jean
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
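
The argument reordering this thread turns on, as an added example (not code from either poster): a conduit statement lists the destination address and port first and the source second, while an access-list entry lists the source first. The function names and the ACL name passed in are assumptions of this sketch, and it covers the tcp/udp/ip forms only, rejecting anything with trailing tokens such as an ICMP type.

```python
# Added example: PIX "conduit" -> "access-list" argument reordering.
OPERATORS = {"eq", "lt", "gt", "neq", "range"}

def _take_addr(tokens):
    """Pop one address spec: 'any', 'host ADDR' or 'ADDR MASK'."""
    if not tokens:
        raise ValueError("address expected")
    if tokens[0] == "any":
        return [tokens.pop(0)]
    if len(tokens) < 2:
        raise ValueError("incomplete address")
    return [tokens.pop(0), tokens.pop(0)]

def _take_port(tokens):
    """Pop an optional port spec such as 'eq ftp' or 'range 8000 8010'."""
    if not tokens or tokens[0] not in OPERATORS:
        return []
    n = 3 if tokens[0] == "range" else 2
    if len(tokens) < n:
        raise ValueError("incomplete port spec")
    spec = tokens[:n]
    del tokens[:n]
    return spec

def conduit_to_acl(line, acl_name):
    """Rewrite one conduit statement as an access-list entry."""
    tokens = line.split()
    if len(tokens) < 4 or tokens[0] != "conduit" or tokens[1] not in ("permit", "deny"):
        raise ValueError("not a conduit statement: %r" % line)
    action, proto, rest = tokens[1], tokens[2], tokens[3:]
    # conduit order: destination (global) first, then source (foreign)
    dst, dst_port = _take_addr(rest), _take_port(rest)
    src, src_port = _take_addr(rest), _take_port(rest)
    if rest:  # e.g. an ICMP type; not handled by this sketch
        raise ValueError("unsupported trailing tokens: %r" % rest)
    # access-list order: source first, then destination
    return " ".join(["access-list", acl_name, action, proto]
                    + src + src_port + dst + dst_port)

# The four conduits quoted in the thread (address placeholder as posted).
CONDUITS = [
    "conduit permit tcp host my.public.addy.here eq ftp any",
    "conduit permit tcp host my.public.addy.here eq domain any",
    "conduit permit udp host my.public.addy.here eq domain any",
    "conduit permit tcp host my.public.addy.here eq ftp-data any",
]

if __name__ == "__main__":
    for c in CONDUITS:
        print(conduit_to_acl(c, "DMZ_IN"))
```

An entry only registers hits once its list is bound with access-group to the interface where the matching traffic enters the firewall.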

