Firewall Wizards mailing list archives

RE: Cisco acls


From: Andrew Yourtchenko <ayourtch () cisco com>
Date: Tue, 8 Mar 2005 16:00:09 +0100 (CET)

Hello Luke,

I believe your ramblings are quite coherent, since the IOS also has a similar concept, but a bit different from the PIX:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s14/fsaclseq.htm

thanks,
andrew

On Mon, 7 Mar 2005, Luke Butcher wrote:

Excuse my incoherent ramblings, you can't do access-list editing by line
number on a router, I was thinking of the pix OS.

I return you to your usual programming now.

Luke Butcher
Network/Security Consultant

-----Original Message-----
From: Luke Butcher
Sent: Friday, 4 March 2005 9:33 AM
To: Eric Appelboom
Cc: firewall-wizards () honor icsalabs com
Subject: RE: [fw-wiz] Cisco acls


In my experience, I've only used ACLs on a router as a broad filter,
block 10.* 192.168.* type stuff. Usually at the border router or
similar. Behind this is then some sort of firewall to do the real
filtering.

As for how to, in the bad old days I always had a text file that
contained the no access-group in, no access-list, etc. so you'd just
edit the text file then copy and paste.
These days it's much easier to use named access-lists and cut and paste
rules by line numbers on a Cisco. Also for the reasons you pointed out,
there'd be no access-list on a router while there was no ACL.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
