New Member

Access Lists to block a range of ports

Is there a way to use an access list to block a range of ports, or do I have to put them all in separately? Also, I searched the forum and am surprised this hasn't been mentioned yet, but I am trying to block a user on our network from downloading using a new p2p program or network called BitTorrent. If anyone has any info that can help me with that, it would be greatly appreciated. Here are some FAQ pages on it:

http://bitconjurer.org/BitTorrent/FAQ.html

http://krypt.dyndns.org:81/torrent/faq.html

3 REPLIES
New Member

Re: Access Lists to block a range of ports

Sorry, I should add that I am trying to do this with a PIX 515.

New Member

Re: Access Lists to block a range of ports

It's easy if you use PDM, as the access list has the range option as a drop-down menu.

Otherwise the command line is as follows in this example:

access-list acl_dmz1 deny tcp any host 192.168.1.3 range 1024 2025

This will deny all ports 1024-2025.

sam

New Member

Re: Access Lists to block a range of ports

Try object grouping,

i.e.

object-group service <group_name> tcp|udp|tcp-udp

port-object eq <port>

port-object range <begin_port> <end_port>

Then reference the group in your access-list,

i.e. for BitTorrent:

object-group service BitTorrent tcp

port-object range 6881 6999

access-list Inside_in deny tcp any any object-group BitTorrent

Let us know how you get on.

Regards
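An added example, not part of the thread: a small Python check that resolves the object-group and range syntax shown in the replies and evaluates an access list first-match, ending in the implicit deny that PIX access lists carry. The function names are hypothetical, addresses are ignored, ports must be numeric, any `range` in an access-list line is assumed to be the destination-port operator, and the `permit ip any any` line is an assumption added to the constructed sample.

```python
def parse(config):
    """Return ordered rules as (acl, action, proto, ports); ports None = any port."""
    groups, rules, current = {}, [], None
    for line in config.splitlines():
        tok = line.split()
        if not tok:
            continue
        if tok[:2] == ["object-group", "service"]:
            current = tok[2]                      # group name, e.g. BitTorrent
            groups[current] = []
        elif tok[0] == "port-object" and current:
            lo = int(tok[2])
            hi = int(tok[3]) if tok[1] == "range" else lo   # "eq" is one port
            groups[current].append((lo, hi))
        elif tok[0] == "access-list":
            current = None
            acl, action, proto, rest = tok[1], tok[2], tok[3], tok[4:]
            ports = None
            if "object-group" in rest:            # expand the service group
                ports = groups[rest[rest.index("object-group") + 1]]
            elif "range" in rest:                 # inline destination range
                i = rest.index("range")
                ports = [(int(rest[i + 1]), int(rest[i + 2]))]
            rules.append((acl, action, proto, ports))
    return rules

def verdict(config, acl, proto, port):
    """First matching entry wins; falling off the end is the implicit deny."""
    for name, action, rule_proto, ports in parse(config):
        if name != acl or rule_proto not in (proto, "ip"):
            continue
        if ports is None or any(lo <= port <= hi for lo, hi in ports):
            return action
    return "implicit deny"

# Constructed sample: the lines from the last reply, as posted.
THREAD_CONFIG = """\
object-group service BitTorrent tcp
  port-object range 6881 6999
access-list Inside_in deny tcp any any object-group BitTorrent
"""
# Assumption: a trailing permit so that other traffic is still allowed.
WITH_PERMIT = THREAD_CONFIG + "access-list Inside_in permit ip any any\n"

if __name__ == "__main__":
    for port in (6881, 6999, 443):
        print(port, verdict(THREAD_CONFIG, "Inside_in", "tcp", port),
              "|", verdict(WITH_PERMIT, "Inside_in", "tcp", port))
```

With only the deny entry in the list, every other port also ends at the implicit deny, so the list needs a permit entry after the deny before it is applied to an interface.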
