Go Premium for a chance to win a PS4. Enter to Win

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 402
  • Last Modified:

HowTo access-list blocking a specific port

I have to block all outbound SMTP trafic on one of my interfaces (firewall connection) of a cisco 3650 switch
it should block anything and allow only my mail server trafic.
I set this access list:
Extended IP access list 102
    10 permit tcp host mail_server_IP any eq smtp
    20 deny tcp any any eq smtp

when I try to add that access-list to the required interface I don't have "out" option:
conf t
int g0/1 (the interface I want to block)
ip access-group 102 in (in is the only option & I need out)

what was I doing wrong?
why didn't I get the "out" option?

applying this access-list with "in" option blocked all outbound trafic on this port
1 Solution
chukuAuthor Commented:
found the problem, here is the correct settings:
Extended IP access list 105
    10 permit tcp any host mail_server_ip
    20 permit tcp host mail_server_ip any eq smtp
    30 permit tcp any host mail_server_ip eq smtp
    40 deny tcp any any eq smtp log
    50 permit ip any any
Closed, 50 points refunded.
Community Support Moderator

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now