I've set up a mail server computer at my home and I was wondering if there are any known good router firewall settings that will hinder spammers relaying junk mail through my mail server. I know there are several things I can do on the server machine itself, but I'd also like to stop them at the router if that's possible.
I know I can filter traffic based on outside IP address but people's ip addresses change all the time so that's not a viable approach. Is it possible to filter outside traffic based on an outside mac address?
MAC acls can be used for filtering the traffic based on MAC address.MAC ACLs are applied on incoming traffic on Gigabit Ethernet interfaces and VLAN subinterfaces. After a networking device receives a packet, the Cisco IOS software checks the source MAC address of the Gigabit Ethernet, 802.1Q VLAN, or 802.1Q-in-Q packet against the access list. If the MAC access list permits the address, the software continues to process the packet. If the access list denies the address, the software discards the packet and returns an Internet Control Message Protocol (ICMP) host unreachable message.If the specified MAC ACL does not exist on the interface or subinterface, all packets are passed.
thanks for your response hadbou, Im glad to hear mac filtering is possible. I was looking on google but I'm finding it hard to understand what the correct acl command should be for this. I found this example command:
access-list 700 per 001c.baba.ca1b 0000.0000.0000
(where "001c.baba.ca1b 0000.0000.0000" is replaced with real mac addresses) but I need the permit rule to be on ports 25 and 110 (smtp and pop3) coming into Dialer0 from outside. Do you know what the correct command should be? maybe something like...
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :