
What does your ACL look like?

FreshPrince

Diamond Member
Do you open everything and have a list of ports to block?

or

Do you block everything and have a list of ports to open?

Share your ACL, I'm curious to see how everyone does theirs...

thanks,

-FP
 
I have my NAT router at default settings for external intrusions.

As for my network, I have changed the Administrator name and password on all computers. Then all shared files on the network only allow the computer owner and the Administrator to access.
 
Here you go. It's not very tight but it's something.

Incoming Traffic:
access-list outin permit icmp any any
access-list outin permit tcp any host XXX.XXX.XXX.2 eq 25
access-list outin permit tcp any host XXX.XXX.XXX.2 eq 80
access-list outin permit tcp any host XXX.XXX.XXX.2 eq 443
access-list outin permit tcp any host XXX.XXX.XXX.2 eq 110
access-list outin permit tcp any host XXX.XXX.XXX.3 eq 1677
access-list outin permit tcp any host XXX.XXX.XXX.5 eq 80
access-list outin permit tcp any host XXX.XXX.XXX.5 eq 443
access-list outin permit tcp any host XXX.XXX.XXX.21 eq 80
access-list outin permit tcp any host XXX.XXX.XXX.21 eq 443
access-list outin permit tcp any host XXX.XXX.XXX.7 eq 5631
access-list outin permit udp any host XXX.XXX.XXX.7 eq 5632
access-list outin permit tcp any host XXX.XXX.XXX.7 eq 110
access-list outin permit tcp any host XXX.XXX.XXX.7 eq 6800
access-list outin permit tcp any host XXX.XXX.XXX.7 eq 6900
access-list outin permit tcp host 10.102.6.11 any
access-list outin permit udp host 10.102.6.11 any
access-list outin permit udp any any eq 4444
access-list outin permit tcp any any range 9874 9875
access-list outin permit tcp any any eq 9878
access-list outin permit tcp any any eq 4421
access-list outin permit tcp any any range 4429 4430
access-list outin permit udp any any eq 17071
access-list outin permit tcp any any eq 123
access-list outin deny ip any any

Outgoing Traffic:
access-list inout permit icmp any any
access-list inout permit tcp any any eq 53
access-list inout permit tcp any any eq 554
access-list inout permit tcp any any eq 7070
access-list inout permit ip host 10.157.10.6 any
access-list inout permit ip host 10.153.7.1 any
access-list inout permit ip 10.153.4.0 255.255.255.0 any
access-list inout permit tcp any any eq 21
access-list inout permit ip host 198.111.214.30 any
access-list inout permit udp any any eq 4444
access-list inout permit tcp any any range 9874 9875
access-list inout permit tcp any any eq 9878
access-list inout permit tcp any any eq 4421
access-list inout permit tcp any any range 4429 4430
access-list inout permit udp any any eq 17071
access-list inout permit tcp any any eq 123
access-list inout deny ip any any
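
Added example, not part of the post above and not any vendor's tool: a Python script that parses rules in the access-list syntax shown and lists every permit whose destination is `any`, the rules that keep a list like this from being tight, and checks for the closing `deny ip any any`. The sample rules and the 192.0.2.2 address are constructed for the example.

```python
# Constructed sample in the same access-list syntax as the post above;
# 192.0.2.2 is a documentation address standing in for the masked hosts.
SAMPLE = """\
access-list outin permit icmp any any
access-list outin permit tcp any host 192.0.2.2 eq 25
access-list outin permit tcp host 10.102.6.11 any
access-list outin permit udp any any eq 4444
access-list outin permit tcp any any range 9874 9875
access-list outin deny ip any any
"""

def take_addr(tokens):
    """Consume one address: 'any', 'host A', or 'A NETMASK'."""
    if not tokens:
        raise ValueError("missing address")
    if tokens[0] == "any":
        return "any", tokens[1:]
    return " ".join(tokens[:2]), tokens[2:]

def parse(line):
    """Split one 'access-list NAME ACTION PROTO SRC DST [PORTS]' line."""
    t = line.split()
    if len(t) < 6 or t[0] != "access-list" or t[2] not in ("permit", "deny"):
        raise ValueError("not an access-list rule: " + line)
    src, rest = take_addr(t[4:])
    dst, rest = take_addr(rest)
    return {"action": t[2], "proto": t[3], "src": src, "dst": dst,
            "ports": " ".join(rest)}  # '', 'eq N' or 'range LO HI'

def audit(text):
    """Return (default_deny, findings) for one ACL, rules numbered from 1."""
    rules = [parse(l) for l in text.splitlines() if l.strip()]
    default_deny = bool(rules) and rules[-1] == {
        "action": "deny", "proto": "ip", "src": "any", "dst": "any", "ports": ""}
    findings = []
    for n, r in enumerate(rules, 1):
        if r["action"] != "permit" or r["dst"] != "any":
            continue  # denies and single-destination permits are already scoped
        if not r["ports"]:
            findings.append((n, f"all {r['proto']} from {r['src']} to any host"))
        else:
            findings.append((n, f"{r['proto']} {r['ports']} open to every host"))
    return default_deny, findings

if __name__ == "__main__":
    ok, issues = audit(SAMPLE)
    print("explicit default deny:", ok)
    for n, why in issues:
        print(f"rule {n}: {why}")
```

On an outbound list a destination of `any` is usually expected, so the findings carry the most weight when run against the inbound list.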
 
Originally posted by: reicherb
Here you go. It's not very tight but it's something.

Incoming Traffic:
access-list outin permit icmp any any
access-list outin permit tcp any host XXX.XXX.XXX.2 eq 25
access-list outin permit tcp any host XXX.XXX.XXX.2 eq 80
access-list outin permit tcp any host XXX.XXX.XXX.2 eq 443
access-list outin permit tcp any host XXX.XXX.XXX.2 eq 110
access-list outin permit tcp any host XXX.XXX.XXX.3 eq 1677
access-list outin permit tcp any host XXX.XXX.XXX.5 eq 80
access-list outin permit tcp any host XXX.XXX.XXX.5 eq 443
access-list outin permit tcp any host XXX.XXX.XXX.21 eq 80
access-list outin permit tcp any host XXX.XXX.XXX.21 eq 443
access-list outin permit tcp any host XXX.XXX.XXX.7 eq 5631
access-list outin permit udp any host XXX.XXX.XXX.7 eq 5632
access-list outin permit tcp any host XXX.XXX.XXX.7 eq 110
access-list outin permit tcp any host XXX.XXX.XXX.7 eq 6800
access-list outin permit tcp any host XXX.XXX.XXX.7 eq 6900
access-list outin permit tcp host 10.102.6.11 any
access-list outin permit udp host 10.102.6.11 any
access-list outin permit udp any any eq 4444
access-list outin permit tcp any any range 9874 9875
access-list outin permit tcp any any eq 9878
access-list outin permit tcp any any eq 4421
access-list outin permit tcp any any range 4429 4430
access-list outin permit udp any any eq 17071
access-list outin permit tcp any any eq 123
access-list outin deny ip any any

Outgoing Traffic:
access-list inout permit icmp any any
access-list inout permit tcp any any eq 53
access-list inout permit tcp any any eq 554
access-list inout permit tcp any any eq 7070
access-list inout permit ip host 10.157.10.6 any
access-list inout permit ip host 10.153.7.1 any
access-list inout permit ip 10.153.4.0 255.255.255.0 any
access-list inout permit tcp any any eq 21
access-list inout permit ip host 198.111.214.30 any
access-list inout permit udp any any eq 4444
access-list inout permit tcp any any range 9874 9875
access-list inout permit tcp any any eq 9878
access-list inout permit tcp any any eq 4421
access-list inout permit tcp any any range 4429 4430
access-list inout permit udp any any eq 17071
access-list inout permit tcp any any eq 123
access-list inout deny ip any any

mmm.........
 