Cisco Support Community

New Member

Access Lists to block a range of ports

Is there a way to use an access list to block a range of ports, or do I have to put them all in separately? Also, I searched the forum and am surprised this hasn't been mentioned yet, but I am trying to block a user on our network from downloading using a new P2P program or network called BitTorrent. If anyone has any info that can help me with that, it would be greatly appreciated. Here are some FAQ pages on it:

New Member

Re: Access Lists to block a range of ports

Sorry, I should add that I am trying to do this with a PIX 515.

New Member

Re: Access Lists to block a range of ports

It's easy if you use PDM, as the access list has the range option as a drop-down menu.

Otherwise, the command line is as follows in this example:

access-list acl_dmz1 deny tcp any any range 1024 2025 - this will deny all ports 1024-2025.


New Member

Re: Access Lists to block a range of ports

Try Object grouping


object-group service <name> tcp|udp|tcp-udp

port-object eq <port>

port-object range <start> <end>

Then reference the <name> in your access-list

i.e. for BitTorrent

object-group service BitTorrent tcp

port-object range 6881 6999

access-list Inside_in deny tcp any any object-group BitTorrent

Let us know how you get on
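
An added example, not part of any post above: a small Python model of how the object-group and access-list lines from the last reply are evaluated, where the first matching entry wins and anything unmatched hits the implicit deny at the end of the list. The final `permit ip any any` line and the function names `parse` and `decide` are assumptions made for illustration; only numeric ports and `any any` entries are handled.

```python
# Constructed sample: the thread's BitTorrent lines plus an assumed final
# permit (not from the thread) so that other traffic still passes.
CONFIG = """\
object-group service BitTorrent tcp
 port-object range 6881 6999
access-list Inside_in deny tcp any any object-group BitTorrent
access-list Inside_in permit ip any any
"""

def parse(config):
    """Return {acl_name: [(action, proto, ranges_or_None), ...]} in order."""
    groups, acls, group = {}, {}, None
    for tok in (line.split() for line in config.splitlines()):
        if tok[:2] == ["object-group", "service"]:
            group = groups.setdefault(tok[2], [])
        elif tok[:2] == ["port-object", "range"] and group is not None:
            group.append((int(tok[2]), int(tok[3])))
        elif tok[:2] == ["port-object", "eq"] and group is not None:
            group.append((int(tok[2]), int(tok[2])))  # numeric ports only
        elif tok[:1] == ["access-list"]:
            group = None
            name, action, proto, src, dst, *tail = tok[1:]
            if (src, dst) != ("any", "any"):
                raise ValueError("sketch handles 'any any' entries only")
            if not tail:
                ranges = None  # no port qualifier: every port matches
            elif tail[0] == "object-group":
                ranges = groups[tail[1]]
            elif tail[0] == "range":
                ranges = [(int(tail[1]), int(tail[2]))]
            elif tail[0] == "eq":
                ranges = [(int(tail[1]), int(tail[1]))]
            else:
                raise ValueError("unsupported qualifier: " + tail[0])
            acls.setdefault(name, []).append((action, proto, ranges))
    return acls

def decide(acl, proto, dport):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, entry_proto, ranges in acl:
        if entry_proto in ("ip", proto) and (
                ranges is None or any(lo <= dport <= hi for lo, hi in ranges)):
            return action
    return "deny"
```

Dropping the last line of `CONFIG` makes `decide` return `deny` for every port, which is why a deny-only list applied to the inside interface needs an explicit permit after it.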