Solved

blocking port 22 to a server on a procurve 5412zl switch

Posted on 2008-10-16
Last Modified: 2012-05-05
I have an HP ProCurve 5412zl switch and I'm wanting to block access to TCP port #22 for all subnets but 10.1.1.0, but I'm having no luck. I've been trying an extended access control list, but I can only seem to block the port going out from the server. I'm needing to block port access into the server.

Can I block ports this way and how do I do this?
0
Question by:shook1981
4 Comments
 
LVL 8

Expert Comment

by:MrJemson
ID: 22738025
Would probably be easier to configure the firewall on the server for this purpose.
What kind of box are you using? Is iptables installed? running?
0
 

Author Comment

by:shook1981
ID: 22740546
I have my reasons why I want to know how/if the switch can do this. I know how to block outgoing traffic, just not the incoming.
0
 
LVL 4

Accepted Solution

by:
Adraenyse earned 500 total points
ID: 24445936
Blocking inbound ports requires that you filter the source port to be larger than 1023 and the destination as 22. The source port will not be 22.

Your better bet is to write the ACL so that it accepts >1023 as source and 22 as destination where the source IP is 10.1.1.0 and then deny all other sources.
0
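
The difference between matching 22 as a source port and as a destination port, shown as an added example that is not part of the original thread: a small Python model of first-match ACL evaluation, not switch configuration syntax. The /24 mask for 10.1.1.0, the server address 192.0.2.10, the sample packets and the trailing permit entry are assumptions made for illustration.

```python
import ipaddress
from collections import namedtuple

# Assumptions (not on the page): a /24 mask for 10.1.1.0 and a placeholder server address.
MGMT = ipaddress.ip_network("10.1.1.0/24")
SERVER = ipaddress.ip_network("192.0.2.10/32")
ANY = ipaddress.ip_network("0.0.0.0/0")
ALL_PORTS, HIGH_PORTS, SSH = range(0, 65536), range(1024, 65536), range(22, 23)

Ace = namedtuple("Ace", "action src sport dst dport")

# Model of the symptom in the question: the entry matches 22 as the SOURCE port,
# so it only ever hits the server's replies.
SRC_PORT_ACL = [
    Ace("deny", ANY, SSH, ANY, ALL_PORTS),
    Ace("permit", ANY, ALL_PORTS, ANY, ALL_PORTS),
]

# The accepted answer: source port > 1023, destination port 22, permitted only
# from 10.1.1.0; every other source is denied. The last permit is an assumption
# so that non-SSH traffic does not fall through to the implicit deny.
INBOUND_ACL = [
    Ace("permit", MGMT, HIGH_PORTS, SERVER, SSH),
    Ace("deny", ANY, ALL_PORTS, SERVER, SSH),
    Ace("permit", ANY, ALL_PORTS, ANY, ALL_PORTS),
]

def evaluate(acl, src, sport, dst, dport):
    """Return the action of the first matching TCP entry; no match means deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for ace in acl:
        if s in ace.src and sport in ace.sport and d in ace.dst and dport in ace.dport:
            return ace.action
    return "deny"

# Constructed sample packets: (source IP, source port, destination IP, destination port)
PACKETS = {
    "mgmt client -> server:22": ("10.1.1.50", 50000, "192.0.2.10", 22),
    "other subnet -> server:22": ("10.2.2.7", 50000, "192.0.2.10", 22),
    "server:22 reply -> mgmt client": ("192.0.2.10", 22, "10.1.1.50", 50000),
    "mgmt client, low source port": ("10.1.1.50", 1000, "192.0.2.10", 22),
}

def verdicts(acl):
    """Evaluate every sample packet against one ACL."""
    return {name: evaluate(acl, *pkt) for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    for label, acl in (("source-port match", SRC_PORT_ACL), ("answer's ACL", INBOUND_ACL)):
        print(label, verdicts(acl))
```

The last sample packet shows a side effect of the "larger than 1023" condition: an allowed-subnet client that connects from a low source port falls through to the deny entry.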
