In a PIX 515, OS version 6.3(5), I want to prevent traffic on TCP ports 445, 3066, 3067 from going from inside to outside (due to us having gotten blacklisted for outgoing Korgo traffic).
Here's the relevant config:
access-list acl_outbound deny tcp any any eq 3067
access-list acl_outbound deny tcp any any eq ident
access-list acl_outbound deny tcp any any eq 445
access-list acl_outbound permit ip any any
access-group acl_outbound in interface inside
(PIX translated 3066 to ident...)
When I first applied this, I got a few hits on the ACEs for 445 & ident right away. Several months pass, and I find we've gotten blacklisted again, again because of Korgo. I check the ACEs over a couple or three days - no activity the first 2 days, then today 9 more hits on 445, 3 more on ident.
So, the ACL does something... But, is it correct for blocking traffic going from inside to outside?
(Initiatives are underway to get CSA & NAC installed, but for the moment I have to rely on the firewall to keep bad things from getting out...)
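An added example, not part of the original post: the ACE hit counters show that something was denied but not which inside host sent it. Assuming the PIX sends syslog at warning level, each packet denied by `acl_outbound` produces a `%PIX-4-106023` message, and the sketch below groups those by inside source so the machines generating the blocked traffic can be found and cleaned. The log lines, addresses and the `acl_inbound` name are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample syslog lines (documentation/private addresses), not from the post.
SAMPLE_LOG = '''\
Mar 03 09:14:02 pix %PIX-4-106023: Deny tcp src inside:192.168.10.44/1187 dst outside:198.51.100.7/445 by access-group "acl_outbound"
Mar 03 09:14:02 pix %PIX-4-106023: Deny tcp src inside:192.168.10.44/1188 dst outside:198.51.100.8/445 by access-group "acl_outbound"
Mar 03 09:14:03 pix %PIX-4-106023: Deny tcp src inside:192.168.10.44/1189 dst outside:198.51.100.9/445 by access-group "acl_outbound"
Mar 03 09:14:03 pix %PIX-4-106023: Deny tcp src inside:192.168.10.44/1190 dst outside:198.51.100.10/445 by access-group "acl_outbound"
Mar 03 09:20:41 pix %PIX-4-106023: Deny tcp src inside:192.168.10.51/2044 dst outside:203.0.113.20/3067 by access-group "acl_outbound"
Mar 03 09:21:10 pix %PIX-4-106023: Deny tcp src outside:203.0.113.9/4431 dst inside:192.168.10.5/25 by access-group "acl_inbound"
Mar 03 09:21:15 pix %PIX-6-302013: Built outbound TCP connection 5512 for outside:198.51.100.80/80 (198.51.100.80/80) to inside:192.168.10.60/3312 (192.0.2.1/3312)
'''

# TCP/UDP form of message 106023; ICMP denies carry type/code and are skipped here.
DENY_RE = re.compile(
    r'%PIX-4-106023: Deny (?P<proto>\S+) '
    r'src (?P<src_if>[^:\s]+):(?P<src_ip>[\d.]+)/(?P<src_port>\d+) '
    r'dst (?P<dst_if>[^:\s]+):(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+) '
    r'by access-group "(?P<acl>[^"]+)"'
)

def summarize_denies(log_text, acl="acl_outbound", src_if="inside"):
    """Return {src_ip: {dst_port: {"hits": n, "targets": {dst_ip, ...}}}}."""
    summary = defaultdict(lambda: defaultdict(lambda: {"hits": 0, "targets": set()}))
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        # Keep only denies made by the outbound ACL on traffic entering from inside.
        if not m or m["acl"] != acl or m["src_if"] != src_if:
            continue
        entry = summary[m["src_ip"]][int(m["dst_port"])]
        entry["hits"] += 1
        entry["targets"].add(m["dst_ip"])
    return summary

def suspects(summary, min_targets=3):
    """Hosts hitting many distinct destinations on one port (worm-style scanning)."""
    found = []
    for src_ip, ports in summary.items():
        for port, entry in ports.items():
            if len(entry["targets"]) >= min_targets:
                found.append((src_ip, port, len(entry["targets"])))
    return sorted(found)

if __name__ == "__main__":
    for src_ip, port, n in suspects(summarize_denies(SAMPLE_LOG)):
        print(f"{src_ip}: denied tcp/{port} to {n} distinct outside hosts")
```

The `min_targets` threshold is an arbitrary starting value; a single denied connection to one destination is listed in the summary but not flagged as scanning.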