PIX 515E to block IP of a subnet

Answered Question

I have a PIX 515E and would like to block traffic from certain IP subnets.

I am receiving so many hits from there to my email server SMTP port.

I manually blocked IPs.

Ex.

125.110.102.86    IPs from China and creating spam on my mail server.

220.190.41.132

Instead of each IP I want to block 125.110.0.0 and 220.190.0.0.

How can I get this done?

Jon Marshall Tue, 01/19/2010 - 09:00

Not sure what you are asking here.

If you are already blocking certain hosts, e.g.

access-list outside_in deny tcp host 125.110.102.86 host <smtp_server_ip> eq 25

then to block a subnet simply change the first bit of your ACL, i.e.

access-list outside_in deny tcp 125.110.0.0 255.255.0.0 host <smtp_server_ip> eq 25

Or have I misunderstood the requirement?

Jon

Thanks for the response, Jon.

I am not a lot familiar with PIX, but from the web interface (PDM) I added a rule like this and it's blocking traffic from that IP:

access-list acl_out_to_in line 40 extended deny object-group DM_INLINE_SERVICE_1 host 125.110.102.86 any 0x960c8531
  access-list acl_out_to_in line 40 extended deny ip host 125.110.102.86 any (hitcnt=21650) 0x47f4e704
  access-list acl_out_to_in line 40 extended deny tcp host 125.110.102.86 any (hitcnt=0) 0xe6059313
  access-list acl_out_to_in line 40 extended deny tcp host 125.110.102.86 any eq smtp (hitcnt=0) 0x7e703e53

What I would like to do is block everything from the IPs 125.110.102.0 - 125.110.102.255, all hosts. Is it possible?

Correct Answer
Jon Marshall Tue, 01/19/2010 - 09:28

access-list acl_out_to_in deny tcp 125.110.102.0 255.255.255.0 any eq smtp

Note: instead of "any" you could actually put the SMTP server address - its public IP.

If you want to deny all IP

access-list acl_out_to_in deny ip 125.110.102.0 255.255.255.0 any

but be aware that this will stop all IP connections from that subnet to any of your IP addresses.

Jon
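
To check what a set of entries like the ones above actually blocks before applying it, this added example (not part of the thread and not Cisco code) evaluates PIX-style access-list lines in first-match order. The /16 deny for 220.190.0.0, the permit line and the mail-server address 203.0.113.25 are constructed assumptions, and only the ACL syntax used on this page is parsed.

```python
import ipaddress

# Constructed sample. The /24 deny is the entry from the thread; the /16 deny,
# the permit and the mail-server address 203.0.113.25 are assumptions.
SAMPLE_ACL = """\
access-list acl_out_to_in deny tcp 125.110.102.0 255.255.255.0 any eq smtp
access-list acl_out_to_in deny ip 220.190.0.0 255.255.0.0 any
access-list acl_out_to_in permit tcp any host 203.0.113.25 eq smtp
"""
PORTS = {"smtp": 25}


def _addr(tok):
    """Consume one address spec: 'any', 'host A' or 'NETWORK MASK'."""
    first = tok.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    # PIX ACLs take a subnet mask here, not an IOS-style wildcard mask.
    return ipaddress.ip_network(f"{first}/{tok.pop(0)}")


def parse(line):
    """Parse 'access-list NAME deny|permit PROTO SRC DST [eq PORT]'."""
    tok = line.split()[2:]
    action, proto = tok.pop(0), tok.pop(0)
    src, dst = _addr(tok), _addr(tok)
    port = None
    if tok[:1] == ["eq"]:
        port = PORTS.get(tok[1]) or int(tok[1])
    return action, proto, src, dst, port


def decide(acl_text, proto, src, dst, dport):
    """Return (action, matching line); the first matching entry wins."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for line in acl_text.strip().splitlines():
        action, p, snet, dnet, port = parse(line)
        if p in ("ip", proto) and s in snet and d in dnet and port in (None, dport):
            return action, line
    return "deny", "implicit deny"  # nothing matched: implicit deny at the end


if __name__ == "__main__":
    for src in ("125.110.102.86", "125.110.103.1", "220.190.41.132"):
        print(src, *decide(SAMPLE_ACL, "tcp", src, "203.0.113.25", 25))
```

With the /24 entry, 125.110.103.1 still reaches the mail server, so covering all of 125.110.0.0 needs the 255.255.0.0 mask. A deny placed after the permit never matches, so the deny entries must come first in the list.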
