I need to block incoming ping from the Internet but allow ping out for testing connectivity to the outside world. i currently have an ACL with these commands; access-list 100 permit icmp any any unreachable
access-list 100 permit icmp any any echo-reply
access-list 100 permit icmp any any time-exceeded
i want to add this line to the top of the ACL- access-list 100 deny icmp any outside - to the top of the ACL.
now my real question is what is the best way to add this line? i remember having to remove the ACL into notepad adding the line then reentering the ACL into the firewall. if i do that then the firewall will not have any ACL installed for a short period of time. this is on a production firewall so i want to be very carefull.
thanks in advance,