×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Selective Java applet blocking by external address with PIX?

Unanswered Question
Apr 16th, 2003
User Badges:

I'm trying to implement Java applet blocking on my PIX, and I'm looking for a way to be more selective about how i do it.


According to the documentation, I can permit certain internal addresses to get Java applets from the outside, but it doesn't seem that I can permit all internal addresses to get Java applets only from certain external addresses.


I can do this (but would prefer not to) at my border router with CBAC using access lists, but the same functionality doesn't seem to be present in the PIX.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
bhockenhull Wed, 04/16/2003 - 15:44
User Badges:

I saw that, but I can't translate that into what I want to do. Maybe I'm missing something.

What I want to do is to deny Java applets from all foreign hosts except fro those I define as friendly. Using CBAC, I'd set up a java access list along these lines:

access-list XX permit 12.0.3.0 0.0.0.255

access-list XX deny any

Which would allow Java applets from 12.0.3.0/24 but deny them from everyone else.

If I could use the filter java command to filter all java *except* certain stuff, that'd be perfect.

Actions

This Discussion