I have a server on my network which is advertised to the internet. I have been seeing SMTP connections from the internet address space to this server. If I want to deny SMTP connections to the server, can I do the following?
access-list 133 remark block smtp connections
access-list 133 deny tcp any host <host IP> eq smtp
Would this block the connections? Do I have to apply this to the Interface(s) that connect to my ISP?
Thanks to Satish, I now know how to debug the source addresses from the access-list.
Thanks for the help.
I do have a PIX firewall at the ISP that provides our primary internet connection and would prefer to stop it there, but I am still new to the PIX configuration and would rather, for now, block it at the router entry points to my network.
Any help would do.
You would need to apply it only inbound on the interface, as the traffic is coming from outside --> inside only. However, if you want to block outbound SMTP as well, then the ACE needs to be reversed.
access-list 132 deny tcp host <host IP> eq smtp any
access-list 132 permit ip any any
The 'in' and 'out' keyword used with the 'ip access-group' is viewed from the standpoint of the router itself. Hence, 'in' means traffic coming into the interface and 'out' means traffic leaving the interface. Use a different ACL #, though not necessary, for inbound and outbound filtering.
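The inbound and outbound filters discussed in this thread, put together as one IOS configuration. This is an added example, not part of the original posts; the address 192.0.2.25 (standing in for <host IP>) and the interface name Serial0/0 are assumptions.

```cisco
! Constructed example: 192.0.2.25 stands in for <host IP>,
! Serial0/0 for the interface that faces the ISP (both are assumptions).
!
! Inbound filter: drop SMTP from the internet to the server.
! "log" records the source address of each denied connection.
! The final permit is required: every ACL ends with an implicit
! "deny ip any any", so without it all other traffic is dropped too.
access-list 133 remark block inbound smtp to server
access-list 133 deny   tcp any host 192.0.2.25 eq smtp log
access-list 133 permit ip any any
!
! Outbound filter (optional): the reversed ACE. It matches packets
! whose SOURCE is port 25 on the server, i.e. replies from its SMTP
! service, as they leave toward the ISP.
access-list 132 remark block smtp leaving server
access-list 132 deny   tcp host 192.0.2.25 eq smtp any
access-list 132 permit ip any any
!
! Direction is from the router's point of view:
!   in  = packets arriving on this interface (from the ISP)
!   out = packets leaving this interface (toward the ISP)
! Repeat the access-group lines on every ISP-facing interface.
interface Serial0/0
 ip access-group 133 in
 ip access-group 132 out
!
! Verification from exec mode (not configuration lines):
!   show access-lists 133          per-ACE match counters
!   show ip interface Serial0/0    which ACLs are bound in/out
```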