Cisco 2621 Firewall Question-Blocking IP addresses

it
Level 1

Hey all, I have a quick question. I currently am being flooded from one IP with SMTP packets going to my email server. I am trying to block this IP address at the router level but cannot seem to get it. I am hoping this is a simple thing, but am not sure. The offending IP address is 192.165.243.110. Here is my current ACL for the incoming connections:

==SNIP==

access-list 101 deny tcp any any eq 28

access-list 101 deny udp any any eq tftp

access-list 101 deny tcp any any eq 135

access-list 101 deny udp any any eq 135

access-list 101 deny udp any any eq netbios-ns

access-list 101 deny udp any any eq netbios-dgm

access-list 101 deny tcp any any eq 139

access-list 101 deny tcp any any eq 445

access-list 101 deny tcp any any eq 4444

access-list 101 deny tcp host 192.165.243.110 any

access-list 101 deny udp host 192.165.243.110 any

access-list 101 deny ip host 192.165.243.110 any

access-list 101 deny ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255

access-list 101 permit ip 192.168.0.0 0.0.255.255 any

==SNIP==

Now I could go into detail about every line, but the lines I am concerned about are the ones denying access to that IP address. By all accounts, blocking it at udp, tcp and ip should work but it is not. Anyone have any suggestions as to what I am doing wrong? Thanks!

Joe

1 Reply

nkhawaja
Cisco Employee

Hi,

Your access-list statement is correct. Now the question is: what are the top few lines of this access-list?

I mean, you have provided a snippet from the middle, so unless you tell us the access-list entries from the beginning up to this line

access-list 101 deny tcp host 192.165.243.110 any

we can't be sure of what is happening.

Secondly, is the access-list really applied? If yes, then on which interface and in which direction?

Thanks

Nadeem
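The ordering question raised in the reply can be checked offline with a small first-match evaluator. This is an added example, not part of either post: it models only the entry syntax seen in the thread, the `EARLIER` entry is hypothetical (the top of the list is never shown), and the mail server address 192.168.1.25 is assumed. It does not model whether the list is applied to an interface.

```python
import ipaddress

PORTS = {"tftp": 69, "netbios-ns": 137, "netbios-dgm": 138, "smtp": 25}

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def take_addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, care_mask)."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0
    if first == "host":
        return to_int(tokens.pop(0)), 0xFFFFFFFF
    # Wildcard mask: bits set to 1 are ignored, so invert it to get the care mask.
    return to_int(first), ~to_int(tokens.pop(0)) & 0xFFFFFFFF

def parse(line):
    t = line.split()[2:]  # drop 'access-list 101'
    action, proto = t.pop(0), t.pop(0)
    src, dst = take_addr(t), take_addr(t)
    port = None
    if t and t[0] == "eq":
        port = PORTS.get(t[1]) or int(t[1])
    return action, proto, src, dst, port

def evaluate(acl, proto, src, dst, dport):
    """First matching entry wins; no match falls through to the implicit deny."""
    s, d = to_int(src), to_int(dst)
    for line in acl:
        action, p, (sb, sm), (db, dm), port = parse(line)
        hit = (s & sm) == (sb & sm) and (d & dm) == (db & dm)
        if hit and p in ("ip", proto) and port in (None, dport):
            return action, line
    return "deny", "implicit deny"

# Subset of the entries posted in the question.
POSTED = [
    "access-list 101 deny udp any any eq tftp",
    "access-list 101 deny tcp host 192.165.243.110 any",
    "access-list 101 deny ip host 192.165.243.110 any",
    "access-list 101 permit ip 192.168.0.0 0.0.255.255 any",
]
# Hypothetical earlier entry; the thread never shows the top of the list.
EARLIER = ["access-list 101 permit tcp any any eq smtp"]
PKT = ("tcp", "192.165.243.110", "192.168.1.25", 25)  # constructed test packet

if __name__ == "__main__":
    print(evaluate(POSTED, *PKT))            # the host deny is the first match
    print(evaluate(EARLIER + POSTED, *PKT))  # the earlier permit shadows it
```

With only the posted entries the packet is denied; with a broader permit ahead of them the deny entries are never reached.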