If I want to write an access list (inbound)on a router to prevent users on the Ethernet LAN connected to e0 from accessing a TFTP server (10.1.1.15) located on the LAN connected to e1.
The extended access list on the Ethernet interface e0 (inbound), will be:
Access-list 101 deny udp (not tcp) 0.0.0.0 255.255.255.255 10.1.1.15 0.0.0.0 eq 69
Access-list 101 permit ip any any.
Do I need to add this line as well to the deny statement above?
Access-list 101 deny tcp (not udp) 0.0.0.0 255.255.255.255 10.1.1.15 0.0.0.0 eq 69
See the link below for that.
Under : The following incoming access list will block these ports on your router: