ACL to block TFTP not working

Answered Question

I am trying to block TFTP traffic with an ACL with the following commands, and have applied it to the appropriate interface (outbound on the interface with the server subnet), and I can still copy a file over via TFTP. What am I missing? I have confirmed the SolarWinds TFTP server is functioning on UDP port 69.


deny udp any any eq 69
permit ip any any

Correct Answer by Giuseppe Larosa about 7 years 4 months ago

Hello Steve,

Outbound ACLs don't block packets that are generated locally on the router itself.

So if you test the ACL by copying a file from the router itself to the TFTP server, the result is an apparent failure of the ACL = a successful TFTP file transfer.




Hope to help

Giuseppe

Giuseppe Larosa, Tue, 02/16/2010 - 14:42
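As an added example (not part of the original thread), here are the same two entries written as a named extended ACL on IOS, applied outbound on the server-facing interface, with the deny entry logging and the show command used to read its hit counter. The ACL name BLOCK-TFTP, the interface FastEthernet0/0 and the client/server addresses are assumptions. The check follows the answer above: a transfer started from a client on another subnet crosses the interface as transit traffic and increments the deny counter, while a copy started on the router itself is locally generated, bypasses the outbound ACL, and succeeds without ever touching the counter.

```cisco
! Added example, not from the original thread. Assumed names:
!   BLOCK-TFTP          - ACL name
!   FastEthernet0/0     - interface facing the TFTP server subnet
!   192.0.2.10          - client host on another subnet (documentation range)
!   198.51.100.5        - TFTP server (documentation range)
ip access-list extended BLOCK-TFTP
 deny   udp any any eq 69 log
 permit ip any any
!
interface FastEthernet0/0
 ip access-group BLOCK-TFTP out
end
!
! Test 1 (valid): from the client 192.0.2.10, request a file from 198.51.100.5.
! The packet is transit traffic, so it is matched and dropped; the counter
! and the log message show it:
!   Router# show ip access-lists BLOCK-TFTP
!   Extended IP access list BLOCK-TFTP
!       10 deny udp any any eq tftp log (1 match)
!       20 permit ip any any (...)
!   %SEC-6-IPACCESSLOGP: list BLOCK-TFTP denied udp 192.0.2.10(...) -> 198.51.100.5(69), 1 packet
!
! Test 2 (invalid): copying from the router itself does NOT exercise the ACL.
! This succeeds and leaves the deny counter unchanged, which is the
! "apparent failure" described in the answer:
!   Router# copy running-config tftp://198.51.100.5/backup.cfg
```

Read the counter in `show ip access-lists` before and after each test; only the client-originated transfer should move it. If the goal is also to stop the router's own TFTP transfers, an interface ACL is the wrong tool, because locally generated packets are never evaluated by an outbound ACL.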