Can somebody walk me through blocking IP range in Cisco PIX via GUI?

Homerboy

Lifer
Seems some spammers are getting on us... can somebody walk me through the blocking of an IP range in a Cisco PIX via the gui interface?

Please? PLEASE?

(I will do via command line too if it's "easy")
 
GUI walkthroughs are painful...you'll need to learn the CLI sooner than later.

config t
access-list BLOCK_SPAM deny ip 192.168.1.0 255.255.255.0 any
access-list BLOCK_SPAM permit ip any any
access-group BLOCK_SPAM in interface outside

192.168.1.0 255.255.255.0 is whatever the spammer ip range is
outside is whatever interface you have assigned facing the internet

since this is for your job, you may want to make yourself more familiar with the PIX firewall for the next time an issue like this arises. check out these links:

Peter Welcher PIX 1
Peter Welcher PIX 2
PIX 6.x Configuration Guide
 
I entered what you suggested (using their IP range of 168.95.4.0-254)

but it's still getting through:
SMTP-00217: message <GEGVHDFBACVDSGZKAFENPQRGK@163.com> from rjglhniep@ms2.hinet.net (11 recipients): Mon Mar 3, 2008 at 2:17:53 PM

 
Originally posted by: Homerboy
There seems to be an issue though
please see images located here:
http://picasaweb.google.com/potrzebowski/Misc

the mask should be the SUBNET MASK, not the ending ip address...

delete the old access-list and try this instead.

config t
access-list BLOCK_SPAM deny tcp 168.95.0.0 255.255.0.0 any eq 25
access-list BLOCK_SPAM permit ip any any
access-group BLOCK_SPAM in interface outside

if you do a show access-list, do you see hits on the deny statement?
 
that statement would encompass 168.95.4.0 as well...

if you do an APNIC whois on 168.95.4.0, it comes back with Chunghwa Telecom whose range is 168.95.0.0 - 168.95.255.255. just block that entire range and call it a day 🙂

that is, unless you have customers or valid SMTP traffic coming from Taiwan.
 
Originally posted by: jlazzaro
that statement would encompass 168.95.4.0 as well...

if you do an APNIC whois on 168.95.4.0, it comes back with Chunghwa Telecom whose range is 168.95.0.0 - 168.95.255.255. just block that entire range and call it a day 🙂

that is, unless you have customers or valid SMTP traffic coming from Taiwan.

yeah I figured it blocked a larger range of .tw... which is perfectly fine


 
access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 1024)
alert-interval 300
access-list outside_access_in; 5 elements
access-list outside_access_in line 1 remark pop3
access-list outside_access_in line 2 permit tcp any host E-Mail eq pop3 (hitcnt=61541)
access-list outside_access_in line 3 remark SMTP
access-list outside_access_in line 4 permit tcp any host E-Mail eq smtp (hitcnt=658901)
access-list outside_access_in line 5 remark TS
access-list outside_access_in line 6 permit tcp any host Term-Serv eq 3389 (hitcnt=1650)
access-list outside_access_in line 7 remark TS to MB
access-list outside_access_in line 8 permit tcp any host Term-Serv eq 4833 (hitcnt=320)
access-list outside_access_in line 9 remark TS to JOEP
access-list outside_access_in line 10 permit tcp any host Term-Serv eq 4850 (hitcnt=40)
access-list BLOCK_SPAM; 3 elements
access-list BLOCK_SPAM line 1 permit ip interface outside any (hitcnt=0)
access-list BLOCK_SPAM line 2 permit ip any any (hitcnt=332)
access-list BLOCK_SPAM line 3 deny ip kohnlaw.local 255.255.255.0 any (hitcnt=0)


not blocking. 🙁
 
it's not blocking because you aren't putting in the right commands and your ACL is out of order.

copy and paste this command...

access-list outside_access_in line 1 deny tcp 168.95.0.0 255.255.0.0 any eq pop3
access-list outside_access_in line 1 deny tcp 168.95.0.0 255.255.0.0 any eq smtp
access-group outside_access_in in interface outside
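
Added example, not part of any post in this thread: a small first-match ACL evaluator in Python showing the two points made above, that a deny placed after `permit ip any any` is never reached, and that the second address field must be a subnet mask rather than the last address of the range. The parser covers only the entry forms that appear in this thread, the packet's source address is constructed, and the strict mask check is Python's `ipaddress` behaviour, used here to illustrate the point rather than to reproduce the PIX parser.

```python
import ipaddress

PORTS = {"smtp": 25, "pop3": 110}

def take_addr(tok):
    """Consume 'any', 'host NAME' or 'ADDR MASK'; return (matcher, remaining tokens)."""
    if tok[0] == "any":
        return None, tok[1:]
    if tok[0] == "host":
        return tok[1], tok[2:]
    # Strict parsing: the second field must be a subnet mask, not an end address.
    return ipaddress.ip_network(f"{tok[0]}/{tok[1]}"), tok[2:]

def parse_ace(line):
    """Parse 'action proto SRC DST [eq PORT]' into a dict."""
    tok = line.split()
    src, rest = take_addr(tok[2:])
    dst, rest = take_addr(rest)
    port = None
    if rest[:1] == ["eq"]:
        port = PORTS.get(rest[1]) or int(rest[1])
    return {"action": tok[0], "proto": tok[1], "src": src, "dst": dst, "port": port}

def addr_ok(rule, value):
    if rule is None:                      # 'any'
        return True
    if isinstance(rule, str):             # 'host NAME'
        return rule == value
    return ipaddress.ip_address(value) in rule

def evaluate(acl, pkt):
    """First match wins; a packet matching no entry hits the implicit deny."""
    for n, line in enumerate(acl, 1):
        a = parse_ace(line)
        if (a["proto"] in ("ip", pkt["proto"]) and addr_ok(a["src"], pkt["src"])
                and addr_ok(a["dst"], pkt["dst"]) and a["port"] in (None, pkt["dport"])):
            return n, a["action"]
    return None, "deny"

# Constructed packet: SMTP from an address inside 168.95.0.0/16 to the mail host.
SPAM = {"proto": "tcp", "src": "168.95.4.10", "dst": "E-Mail", "dport": 25}
APPENDED = ["permit ip any any",
            "deny tcp 168.95.0.0 255.255.0.0 any eq smtp"]
INSERTED = ["deny tcp 168.95.0.0 255.255.0.0 any eq smtp",
            "deny tcp 168.95.0.0 255.255.0.0 any eq pop3",
            "permit tcp any host E-Mail eq pop3",
            "permit tcp any host E-Mail eq smtp"]

if __name__ == "__main__":
    print(evaluate(APPENDED, SPAM))   # the permit on line 1 shadows the deny
    print(evaluate(INSERTED, SPAM))   # the deny on line 1 matches first
```

On the firewall itself, the equivalent check is the one suggested earlier in the thread: run `show access-list` and see which entry's hitcnt increases.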
 
Originally posted by: jlazzaro
it's not blocking because you aren't putting in the right commands and your ACL is out of order.

copy and paste this command...

access-list outside_access_in line 1 deny tcp 168.95.0.0 255.255.0.0 any eq pop3
access-list outside_access_in line 1 deny tcp 168.95.0.0 255.255.0.0 any eq smtp


config t
access-list outside_access_in line 1 deny tcp 168.95.0.0 255.255.0.0 any eq pop3
access-list outside_access_in line 1 deny tcp 168.95.0.0 255.255.0.0 any eq smtp
access-list BLOCK_SPAM permit ip any any
access-group BLOCK_SPAM in interface outside


pasted
 
you can only have 1 access-list per interface, forget the entire BLOCK_SPAM ACL. apply your old access-list back to the interface and you should be good.

access-group outside_access_in in interface outside
 
Originally posted by: jlazzaro
you can only have 1 access-list per interface, forget the entire BLOCK_SPAM ACL. apply your old access-list back to the interface and you should be good.

access-group outside_access_in in interface outside

ok let me just delete everything I've done here and gimme what I should be copying and pasting from the get go.
 
Originally posted by: Homerboy
Originally posted by: jlazzaro
you can only have 1 access-list per interface, forget the entire BLOCK_SPAM ACL. apply your old access-list back to the interface and you should be good.

access-group outside_access_in in interface outside

ok let me just delete everything I've done here and gimme what I should be copying and pasting from the get go.
access-list outside_access_in line 1 deny tcp 168.95.0.0 255.255.0.0 any eq pop3
access-list outside_access_in line 1 deny tcp 168.95.0.0 255.255.0.0 any eq smtp
 
Originally posted by: jlazzaro
Originally posted by: Homerboy
Originally posted by: jlazzaro
you can only have 1 access-list per interface, forget the entire BLOCK_SPAM ACL. apply your old access-list back to the interface and you should be good.

access-group outside_access_in in interface outside

ok let me just delete everything I've done here and gimme what I should be copying and pasting from the get go.
access-list outside_access_in line 1 deny tcp 168.95.0.0 255.255.0.0 any eq pop3
access-list outside_access_in line 1 deny tcp 168.95.0.0 255.255.0.0 any eq smtp

deleted everything
copy and pasted those two lines
crap still is getting through

SMTP-00654: message <GWMVLMQTJUUVEXSHIKPGFHXA@msa.hinet.net> from vcmfldduwzkn@ms4.hinet.net (5 recipients): Mon Mar 3, 2008 at 3:18:06 PM

does it have to be set to the other subnet as I stated above?
I'm at a total loss
 
Originally posted by: jlazzaro
paste the output of:

show run | i access-group

show access-list


Result of firewall command: "show run | i access-group"

access-group outside_access_in in interface outside




Result of firewall command: "show access-list"

access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 1024)
alert-interval 300
access-list outside_access_in; 7 elements
access-list outside_access_in line 1 deny tcp 168.95.0.0 255.255.0.0 any eq smtp (hitcnt=0)
access-list outside_access_in line 2 deny tcp 168.95.0.0 255.255.0.0 any eq pop3 (hitcnt=0)
access-list outside_access_in line 3 remark pop3
access-list outside_access_in line 4 permit tcp any host E-Mail eq pop3 (hitcnt=61541)
access-list outside_access_in line 5 remark SMTP
access-list outside_access_in line 6 permit tcp any host E-Mail eq smtp (hitcnt=659017)
access-list outside_access_in line 7 remark TS
access-list outside_access_in line 8 permit tcp any host Term-Serv eq 3389 (hitcnt=1650)
access-list outside_access_in line 9 remark TS to MB
access-list outside_access_in line 10 permit tcp any host Term-Serv eq 4833 (hitcnt=320)
access-list outside_access_in line 11 remark TS to JOEP
access-list outside_access_in line 12 permit tcp any host Term-Serv eq 4850 (hitcnt=40)
access-list BLOCK_SPAM; 2 elements
access-list BLOCK_SPAM line 1 permit ip interface outside any (hitcnt=0)
access-list BLOCK_SPAM line 2 permit ip any any (hitcnt=509)
 