PIX Access list restrictions
Posted on 2004-11-15
I am a Cisco/PIX newbie and have recently acquired a PIX 056e firewall. I have set up the basics, interfaces, DHCP, NAT etc., and now need to fine-tune further. I need to set up access lists to deny all inside users with the exception of internet access and outside DNS lookup.
Also only one inside host (220.127.116.11) to have unrestricted access.
This is what I've got so far.
access-list outbound permit tcp host any any eq 80
access-list outbound permit udp any any eq 53
access-list outbound permit ip 18.104.22.168 any
access-list outbound deny ip any any
access-group outbound in interface inside
This is off the top of my head and I haven't tried this config yet. Can anyone verify?
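
One way to check a list like this before loading it, as an added example that is not part of the original post: a small Python model of PIX access-list evaluation, where entries are tested top-down and the first match decides. The placement of `host` in `ACL` is an assumed correction, and `192.168.1.10` and the `198.51.100.x` destinations are constructed addresses.

```python
import ipaddress

# The post's ACL with an assumed correction: "host" moved from the first
# entry to the single-host entry, where the keyword needs an address.
ACL = """\
access-list outbound permit tcp any any eq 80
access-list outbound permit udp any any eq 53
access-list outbound permit ip host 18.104.22.168 any
access-list outbound deny ip any any
"""

def parse_addr(tok):
    """Consume 'any', 'host ADDR' or 'ADDR MASK'; ValueError on anything else."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    return ipaddress.ip_network(f"{tok[0]}/{tok[1]}"), tok[2:]

def parse_acl(text):
    """Turn 'access-list NAME ACTION PROTO SRC DST [eq PORT]' lines into rules."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        action, proto, rest = tok[2], tok[3], tok[4:]
        src, rest = parse_addr(rest)
        dst, rest = parse_addr(rest)
        port = int(rest[1]) if rest[:1] == ["eq"] else None
        rules.append((action, proto, src, dst, port))
    return rules

def evaluate(rules, proto, src, dst, dport=None):
    """Return the action of the first matching entry (top-down, first match wins)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, r_proto, r_src, r_dst, r_port in rules:
        if r_proto in ("ip", proto) and s in r_src and d in r_dst \
                and r_port in (None, dport):
            return action
    return "deny"  # implicit deny when nothing matches

RULES = parse_acl(ACL)

if __name__ == "__main__":
    # Constructed flows: 192.168.1.10 is an ordinary inside user.
    for flow in [("tcp", "192.168.1.10", "198.51.100.5", 80),
                 ("tcp", "192.168.1.10", "198.51.100.5", 443),
                 ("udp", "192.168.1.10", "198.51.100.53", 53),
                 ("tcp", "18.104.22.168", "198.51.100.5", 22)]:
        print(flow, "->", evaluate(RULES, *flow))
```

The port 443 flow comes back `deny`, because the list permits only TCP port 80 for ordinary inside hosts, and the parser raises `ValueError` on the two entries exactly as typed in the post.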