Solved

access-list quick Qs

Posted on 2004-10-11
Last Modified: 2010-04-09
access-list out_in permit tcp any any

The above is bad? I have a long list of access-lists that allow certain ports to certain IPs... and I noticed that one in there. I don't want this, do I?

Also,

How would I allow a range of ports?

I tried

access-list out_in permit tcp any host 70.241.39.10 eq 7000-7020

and a few other variations, but no go.

Thanks,
Nick
0
Question by:NickUA
LVL 79

Accepted Solution

by:
lrmoore earned 250 total points
ID: 12286041
Assuming you are talking about a PIX,
No, you don't want anything that says "any any"

For a port range, just change the "eq" to 'range'
0
 
LVL 1

Expert Comment

by:Blackduke77
ID: 12701834
This is the command you want, and yes, remove that ACL as it is allowing everything in.

access-list out_in permit tcp any host 70.241.39.10 range 7000 7020

Hope this helps.

0
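The two points from the answers above (remove the "any any" permit, and write a port range as "range LOW HIGH" rather than "eq LOW-HIGH") can be checked across a long rule list with a short script. This is an added example, not part of the original thread; the function names are hypothetical and it assumes a simplified PIX-style rule form "access-list ID permit PROTO SRC [ports] DST [ports]" with no "line n" keyword or object groups.

```python
import re

PORT_OPS = {"eq", "neq", "lt", "gt", "range"}

def _addr(tok, i):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D MASK'; return (spec, next index)."""
    if tok[i] == "any":
        return "any", i + 1
    return f"{tok[i]} {tok[i + 1]}", i + 2

def _ports(tok, i, findings):
    """Consume an optional port operator; flag 'eq LOW-HIGH' as a mistyped range."""
    if i >= len(tok) or tok[i] not in PORT_OPS:
        return None, i
    if tok[i] == "range":
        return tuple(tok[i:i + 3]), i + 3
    m = re.fullmatch(r"(\d+)-(\d+)", tok[i + 1])
    if tok[i] == "eq" and m:
        findings.append(f"invalid port range: use 'range {m[1]} {m[2]}'")
    return tuple(tok[i:i + 2]), i + 2

def audit_line(line):
    """Return findings for one PIX-style 'access-list ID permit ...' line."""
    tok, findings = line.split(), []
    if len(tok) < 6 or tok[0] != "access-list" or tok[2] != "permit":
        return findings  # remarks, deny rules and non-ACL lines are skipped
    try:
        src, i = _addr(tok, 4)
        sport, i = _ports(tok, i, findings)
        dst, i = _addr(tok, i)
        dport, i = _ports(tok, i, findings)
    except IndexError:
        return findings + ["could not parse: rule looks truncated"]
    if src == dst == "any" and sport is None and dport is None:
        findings.append(f"permits all {tok[3]} from any source to any destination")
    return findings

def audit(config):
    """Map each flagged rule in a config text to its list of findings."""
    return {ln.strip(): f for ln in config.splitlines() if (f := audit_line(ln.strip()))}

# Constructed sample: the three rules quoted in this thread.
SAMPLE = """\
access-list out_in permit tcp any any
access-list out_in permit tcp any host 70.241.39.10 eq 7000-7020
access-list out_in permit tcp any host 70.241.39.10 range 7000 7020
"""
if __name__ == "__main__":
    print("\n".join(f"{r} -> {'; '.join(n)}" for r, n in audit(SAMPLE).items()))
```

Only the first two sample rules are reported; the corrected "range 7000 7020" rule passes.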
 
LVL 79

Expert Comment

by:lrmoore
ID: 13703161
How's it going? Have you found a solution? Do you need more information?
Can you close this question?

http://www.experts-exchange.com/help.jsp#hs5

Thanks for attending to this long-forgotten question.

<-8}
0
