Below is an access list from a security book I am reading,
access-list 110 deny tcp any any established
access-list 110 permit tcp any any
access-group 110 in (this is the Internet interface)
If I want to deny incoming tcp traffic other than for established sessions should the access be as follows?
access-list 110 permit tcp any any established
access-group 110 in
It seems to me the first access list will deny the returning packets and since a ACL will deny by default, why do I need the 'deny' at all in the first list?