Forgive me for such a basic question...
I currently allow ftp access from my outside interface to the server on my inside interface:
static (inside,outside) 192.168.254.21 192.168.0.60 netmask 255.255.255.255
access-list in permit tcp any host 192.168.254.21 eq ftp
access-group in in interface outside
Now, I don't like restricting based on IP address, but I have noticed 2 or 3 IP addresses (that seem to be static) that are attacking my ftp server.
When I write my access-list 'deny' statement for those IP addresses, am I going to apply it to the outside interface or the inside interface, as I currently allow everyone to access my ftp server from my outside interface...
In what order are access-lists evaluated?
(I'm 40 something and some things are not sinking in as quickly as when I was 20 something)
The denies must be before the permit any or they won't do anything. It goes from the top down and stops at the first match.
You should apply it on the outside interface access-list. So
access-list in deny tcp host "bad ip address1" host 192.168.254.21 eq ftp
access-list in deny tcp host "bad ip address2" host 192.168.254.21 eq ftp
etc. for the other bad IP addresses
access-list in permit tcp any host 192.168.254.21 eq ftp
Know what you mean about things taking longer to sink in :-)
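To make the top-down, first-match rule concrete, here is a small simulator of PIX-style access-list evaluation. It is an added example, not part of the original thread or any Cisco code: it parses the subset of `access-list` syntax used above (`any`, `host A`, `A MASK`, `eq PORT`), walks the list in configuration order, stops at the first matching entry, and applies the implicit deny at the end. The "bad" source addresses are constructed placeholders from the RFC 5737 documentation ranges, standing in for the "bad ip address1/2" in the answer; the function and class names are my own.

```python
"""Simulate Cisco PIX/ASA access-list evaluation: top-down, first match wins,
implicit deny at the end.  Added example; not code from the original post."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Named ports used in the thread's examples (assumption: only these are needed).
PORT_NAMES = {"ftp": 21, "ssh": 22, "www": 80, "https": 443}


@dataclass
class Ace:
    """One access-control entry.  src/dst of None means 'any'."""
    action: str                              # "permit" or "deny"
    proto: str                               # "tcp", "udp" or "ip"
    src: Optional[ipaddress.IPv4Network]
    dst: Optional[ipaddress.IPv4Network]
    dport: Optional[int]                     # None = any destination port


def _parse_addr(tokens: List[str]) -> Optional[ipaddress.IPv4Network]:
    """Consume one address spec: 'any', 'host A', or 'A MASK' (PIX uses real netmasks)."""
    t = tokens.pop(0)
    if t == "any":
        return None
    if t == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    mask = tokens.pop(0)
    return ipaddress.ip_network(f"{t}/{mask}", strict=False)


def parse_ace(line: str) -> Tuple[str, Ace]:
    """Parse 'access-list NAME ACTION PROTO SRC DST [eq PORT]' into (name, Ace)."""
    tokens = line.split()
    if tokens[:1] != ["access-list"]:
        raise ValueError(f"not an access-list line: {line}")
    _, name, action, proto, *rest = tokens
    src = _parse_addr(rest)
    dst = _parse_addr(rest)
    dport = None
    if rest[:1] == ["eq"]:
        port = rest[1]
        dport = PORT_NAMES.get(port) or int(port)
    return name, Ace(action, proto, src, dst, dport)


def build_acl(lines: List[str]) -> dict:
    """Group entries by access-list name, preserving configuration order."""
    acls: dict = {}
    for line in lines:
        name, ace = parse_ace(line)
        acls.setdefault(name, []).append(ace)
    return acls


def _addr_matches(net: Optional[ipaddress.IPv4Network], ip: str) -> bool:
    return net is None or ipaddress.ip_address(ip) in net


def evaluate(acl: List[Ace], proto: str, src: str, dst: str, dport: int):
    """Return (action, index_of_matching_entry); index None means implicit deny."""
    for index, ace in enumerate(acl):
        if ace.proto not in ("ip", proto):
            continue
        if not _addr_matches(ace.src, src) or not _addr_matches(ace.dst, dst):
            continue
        if ace.dport is not None and ace.dport != dport:
            continue
        return ace.action, index          # first match wins; evaluation stops here
    return "deny", None                   # implicit deny at the end of every list


# Constructed configs.  203.0.113.5 / 203.0.113.9 stand in for the attacking hosts.
WRONG_ORDER = [
    "access-list in permit tcp any host 192.168.254.21 eq ftp",   # permit any first...
    "access-list in deny tcp host 203.0.113.5 host 192.168.254.21 eq ftp",
    "access-list in deny tcp host 203.0.113.9 host 192.168.254.21 eq ftp",
]
RIGHT_ORDER = [
    "access-list in deny tcp host 203.0.113.5 host 192.168.254.21 eq ftp",
    "access-list in deny tcp host 203.0.113.9 host 192.168.254.21 eq ftp",
    "access-list in permit tcp any host 192.168.254.21 eq ftp",   # ...permit any last
]

if __name__ == "__main__":
    for label, cfg in (("wrong order", WRONG_ORDER), ("right order", RIGHT_ORDER)):
        acl = build_acl(cfg)["in"]          # bound with: access-group in in interface outside
        for src in ("203.0.113.5", "198.51.100.7"):
            print(label, src, "->", evaluate(acl, "tcp", src, "192.168.254.21", 21))
```

With the denies placed after `permit tcp any`, the attacker's packet matches entry 0 and is permitted, so the denies are dead entries; moving them above the permit makes the same packet hit a deny first, while a legitimate client still reaches the permit and anything not FTP falls through to the implicit deny.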