• Status: Solved

Pix 515E: Firewall Must Block Loopback address, reject SMTP RCPT

New to Cisco/Pix/Firewall config... The requirements I must meet state:
1. The firewall shall reject requests for access or services where the source address received by the firewall specifies a loopback address.

Do I create an object that represents a loopback address and deny it access?

2. Firewall must reject SMTP RCPT
The firewall shall reject traffic that contains source routing symbols (e.g. in the mailer RCPT commands).


I have access to the ASDM and the command line.
I have not the faintest idea how to go about meeting these requirements.
I have googled both of these and come up empty.
Thank you

oldfowler1
1 Solution
 
Jody Lemoine, Network Architect, commented:
The first one is relatively easy:

access-list outside_in extended deny ip host 127.0.0.1 any
access-group outside_in in interface outside

The second one is somewhat beyond the scope of what a PIX can do with SMTP.  Personally, I would front-end your SMTP server with an Exim, Qmail, Postfix or other SMTP server that can be configured to do this sort of filtering for you.
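The kind of RCPT check a front-end SMTP server would apply for the second requirement, as an added example that is not part of the original thread or any MTA's own code. The function names, reply text and sample session lines are constructed for illustration, and rejecting every unquoted `%` or `!` is a policy assumption stricter than the SMTP address grammar requires.

```python
import re

# Sender-specified routing forms seen in SMTP envelope recipients:
#   @relay1,@relay2:user@dest   RFC 821 source route
#   user%dest@relay             "percent hack"
#   dest!user@relay             UUCP-style bang path
#   user@dest@relay             stacked @ routing
RCPT_RE = re.compile(r"^RCPT\s+TO:\s*<?([^>\s]*)>?", re.IGNORECASE)
QUOTED_LOCAL_RE = re.compile(r'^"(?:[^"\\]|\\.)*"')

def rcpt_path(line):
    """Return the forward-path of an RCPT TO command, or None for other lines."""
    m = RCPT_RE.match(line.strip())
    return m.group(1) if m else None

def source_route_reason(path):
    """Name the routing form found in a forward-path, or None if it is plain."""
    if path.startswith("@"):
        return "RFC 821 source route"
    # A quoted local part may legally contain these symbols; mask it first.
    bare = QUOTED_LOCAL_RE.sub("q", path)
    if "%" in bare:
        return "percent hack"
    if "!" in bare:
        return "bang path"
    if bare.count("@") > 1:
        return "stacked @ routing"
    return None

def filter_session(lines):
    """Return (forward-path, SMTP reply) for every RCPT TO line in a session."""
    verdicts = []
    for line in lines:
        path = rcpt_path(line)
        if path is None:
            continue
        reason = source_route_reason(path)
        reply = f"550 5.7.1 {reason} rejected" if reason else "250 2.1.5 Ok"
        verdicts.append((path, reply))
    return verdicts

# Constructed sample session lines (not captured traffic).
SAMPLE = [
    "MAIL FROM:<alice@example.org>",
    "RCPT TO:<bob@example.com>",
    "RCPT TO:<@relay.example.net,@hop.example.net:bob@example.com>",
    "rcpt to:<bob%internal.example.com@example.com>",
    "RCPT TO:<internal!bob@example.com>",
    'RCPT TO:<"odd@local"@example.com> NOTIFY=NEVER',
]

if __name__ == "__main__":
    for path, reply in filter_session(SAMPLE):
        print(f"{reply:40} {path}")
```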
