10-05-2007 07:06 AM - edited 03-11-2019 04:21 AM
Hi all, by default is anything allowed out of my firewall? Does the permit ip any any allow everything out, i.e. all TCP ports? If I wanted to just allow web traffic out, would I delete the default allow-all rule and create one for TCP port 80 to anywhere?
10-05-2007 07:38 AM
Yes.
You need to create a rule to permit 80 and another rule to block everything else. You would simply do this:
access-list inside permit tcp any any eq 80
access-list inside deny ip any any
access-group inside in interface inside
10-05-2007 08:27 AM
Can you tell me what "access-group inside in interface inside" means? Would we not want this going outbound?
10-05-2007 08:57 AM
It applies the ACL to the inside interface, which would be outbound.
If you wrote access-group inside out interface inside, then the ACL would be applied outbound from the inside interface, or inbound to your inside network.
Also, not to confuse you more, if you apply the ACL on the outside interface, it would be as you suggested. access-group inside out interface outside would be outgoing from the inside network. access-group inside in interface outside would be incoming traffic from the outside.
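As an added illustration (not code from this thread or from Cisco), the following Python model evaluates the three lines posted above the way the firewall does: the token after access-list is the ACL's name, rules are checked first-match with an implicit deny at the end, and "in interface inside" means the ACL is applied to packets as they arrive at the inside interface from the LAN, i.e. outbound traffic. The sample config and packets are constructed for the example.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample: the three lines posted in the answer above.
CONFIG = [
    "access-list inside permit tcp any any eq 80",
    "access-list inside deny ip any any",
    "access-group inside in interface inside",
]

@dataclass
class Rule:
    action: str            # "permit" or "deny"
    proto: str             # "ip" (matches any protocol), "tcp" or "udp"
    dport: Optional[int]   # destination port from "eq N"; None = any port

def parse_config(lines):
    """Return ({acl_name: [Rule, ...]}, {(interface, direction): acl_name})."""
    acls, bindings = {}, {}
    for line in lines:
        t = line.split()
        if t[:1] == ["access-list"]:
            # Syntax: access-list NAME permit|deny PROTO SRC DST [eq PORT]
            # The token after "access-list" is the ACL's *name* ("inside" here);
            # it is only a label and is unrelated to the interface name.
            name, action, proto = t[1], t[2], t[3]
            dport = int(t[t.index("eq") + 1]) if "eq" in t else None
            acls.setdefault(name, []).append(Rule(action, proto, dport))
        elif t[:1] == ["access-group"]:
            # Syntax: access-group NAME in|out interface IFACE
            bindings[(t[4], t[2])] = t[1]
    return acls, bindings

def acl_decision(acls, bindings, iface, direction, proto, dport):
    """True/False = verdict of the first matching rule (implicit deny if none);
    None = no ACL bound for that interface/direction, so the firewall's default
    security-level policy applies instead (not modelled here)."""
    name = bindings.get((iface, direction))
    if name is None:
        return None
    for r in acls[name]:
        if r.proto in ("ip", proto) and r.dport in (None, dport):
            return r.action == "permit"
    return False   # implicit deny at the end of every ACL

def lan_host_can_reach(acls, bindings, proto, dport):
    """A LAN host's packet first enters the 'inside' interface ("in"), which is
    why 'access-group inside in interface inside' governs outbound traffic."""
    return acl_decision(acls, bindings, "inside", "in", proto, dport)

if __name__ == "__main__":
    acls, bindings = parse_config(CONFIG)
    for proto, port in (("tcp", 80), ("tcp", 443), ("udp", 53)):
        print(proto, port, lan_host_can_reach(acls, bindings, proto, port))
```

Note that the model also shows UDP 53 being denied by the second rule: with only port 80 permitted, DNS lookups from the LAN fail as well, so hosts will not be able to browse by name unless DNS is permitted too.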
10-07-2007 07:40 AM
I am a little confused on this. Can you explain a little further about the inside/outside, in, etc. access lists? And also, what part of the statement is actually the name of the access list here?