• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 404
  • Last Modified:

HowTo access-list blocking a specific port

I have to block all outbound SMTP trafic on one of my interfaces (firewall connection) of a cisco 3650 switch
it should block anything and allow only my mail server trafic.
I set this access list:
Extended IP access list 102
    10 permit tcp host mail_server_IP any eq smtp
    20 deny tcp any any eq smtp

when I try to add that access-list to the required interface I don't have "out" option:
conf t
int g0/1 (the interface I want to block)
ip access-group 102 in (in is the only option & I need out)

what was I doing wrong?
why didn't I get the "out" option?

applying this access-list with "in" option blocked all outbound trafic on this port
1 Solution
chukuAuthor Commented:
found the problem, here is the correct settings:
Extended IP access list 105
    10 permit tcp any host mail_server_ip
    20 permit tcp host mail_server_ip any eq smtp
    30 permit tcp any host mail_server_ip eq smtp
    40 deny tcp any any eq smtp log
    50 permit ip any any
Closed, 50 points refunded.
Community Support Moderator
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now