• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 403
  • Last Modified:

HowTo access-list blocking a specific port

I have to block all outbound SMTP trafic on one of my interfaces (firewall connection) of a cisco 3650 switch
it should block anything and allow only my mail server trafic.
I set this access list:
Extended IP access list 102
    10 permit tcp host mail_server_IP any eq smtp
    20 deny tcp any any eq smtp

when I try to add that access-list to the required interface I don't have "out" option:
conf t
int g0/1 (the interface I want to block)
ip access-group 102 in (in is the only option & I need out)

what was I doing wrong?
why didn't I get the "out" option?

applying this access-list with "in" option blocked all outbound trafic on this port
0
chuku
Asked:
chuku
1 Solution
 
chukuAuthor Commented:
found the problem, here is the correct settings:
Extended IP access list 105
    10 permit tcp any host mail_server_ip
    20 permit tcp host mail_server_ip any eq smtp
    30 permit tcp any host mail_server_ip eq smtp
    40 deny tcp any any eq smtp log
    50 permit ip any any
0
 
CetusMODCommented:
Closed, 50 points refunded.
CetusMOD
Community Support Moderator
0

Featured Post

Take Control of Web Hosting For Your Clients

As a web developer or IT admin, successfully managing multiple client accounts can be challenging. In this webinar we will look at the tools provided by Media Temple and Plesk to make managing your clients’ hosting easier.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now