Pix 515E: Firewall Must Block Loopback address , reject SMTP RCPT

Posted on 2010-01-11
Medium Priority
Last Modified: 2013-11-05
New to Cisco/Pix/Firewall config... The requirements I must meet state:
1.The firewall shall reject requests for access or services where the source address received by the firewall specifies a loopback address.

Do I create an object that represents a loopback address and deny it access?

2. Firewall must reject SMTP RCPT
The firewall shall reject traffic that contains source routing symbols (e.g. in the mailer RCPT commands.

I have access to the ASDM and the command line.
I have not the faintest idea how to go about meeting these requirements.
I have googled both of these and come up empty.
Thank you

Question by:oldfowler1
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
LVL 22

Accepted Solution

Jody Lemoine earned 2000 total points
ID: 26288162
The first one is relatively easy:

access-list outside_in extended deny ip host any
access-group outside_in in interface outside

The second one is somewhat beyond the scope of what a PIX can do with SMTP.  Personally, I would front-end your SMTP server with an Exim, Qmail, Postfix or other SMTP server that can be configured to do this sort of filtering for you.

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Concerto Cloud Services, a provider of fully managed private, public and hybrid cloud solutions, announced today it was named to the 20 Coolest Cloud Infrastructure Vendors Of The 2017 Cloud  (http://www.concertocloud.com/about/in-the-news/2017/02/0…
On Feb. 28, Amazon’s Simple Storage Service (S3) went down after an employee issued the wrong command during a debugging exercise. Among those affected were big names like Netflix, Spotify and Expedia.
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question