
Conduit Statement to block an internal host from accessing all Web traffic

craig.everitt
Level 1

I want to block an internal host from downloading and accessing all traffic from the internet.


mostiguy
Level 6

conduits are for outside - inside.

time to start learning about access control lists. you can bind ACLs to the inside interface

access-list insideout deny tcp host host.ip.addr.here any eq 80

access-list insideout permit ip any any

access-group insideout in interface inside

that should do it
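How the access list in the reply above is evaluated, as an added example that is not part of the original thread: a small first-match evaluator for a subset of the `access-list` syntax, run over the posted entries and over a widened variant. The address `192.0.2.10` stands in for `host.ip.addr.here`, and the `WIDENED` list, the sample flows and all function names are assumptions made for this illustration.

```python
# Added example: first-match evaluation of a small subset of access-list syntax.
# Supported: access-list NAME permit|deny PROTO (host A|any) (host B|any) [eq PORT]
HOST = "192.0.2.10"  # constructed placeholder for host.ip.addr.here

POSTED = f"""\
access-list insideout deny tcp host {HOST} any eq 80
access-list insideout permit ip any any
"""
# Assumed variant (not from the thread): deny every IP protocol from the host.
WIDENED = f"""\
access-list insideout deny ip host {HOST} any
access-list insideout permit ip any any
"""

def parse_addr(tok):
    """Consume 'any' or 'host A' from a token list; None means wildcard."""
    if tok[0] == "any":
        return None, tok[1:]
    if tok[0] == "host":
        return tok[1], tok[2:]
    raise ValueError(f"unsupported address spec: {tok[0]}")

def parse_acl(text):
    """Turn access-list lines into (action, proto, src, dst, port) tuples."""
    rules = []
    for tok in (l.split() for l in text.splitlines() if l.strip()):
        action, proto = tok[2], tok[3]
        src, rest = parse_addr(tok[4:])
        dst, rest = parse_addr(rest)
        port = int(rest[1]) if rest[:1] == ["eq"] else None  # numeric ports only
        rules.append((action, proto, src, dst, port))
    return rules

def evaluate(rules, proto, src, dst, dport=None):
    """Return the first matching entry's action; an ACL ends in an implicit deny."""
    for action, r_proto, r_src, r_dst, r_port in rules:
        if r_proto not in ("ip", proto):
            continue
        if r_src not in (None, src) or r_dst not in (None, dst):
            continue
        if r_port is not None and r_port != dport:
            continue
        return action
    return "deny"

if __name__ == "__main__":
    for name, acl in (("posted", POSTED), ("widened", WIDENED)):
        print(name, [evaluate(parse_acl(acl), "tcp", HOST, "198.51.100.7", p) for p in (80, 443)])
```

With the posted entries the host is denied on TCP port 80 but still permitted on port 443 and every other port, because only the first matching entry applies and the `permit ip any any` line catches the rest.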

Thanks for your response; unfortunately, our firewall is still using conduits.

Could you please help me with denying a host on the inside from getting out?

Actually, conduits work for permitting or denying traffic both inbound and outbound. Give this a shot and see if it helps:

conduit deny ip any host

Scott

Hi Craig,

Just a useful tip here:

Why don't you take a look at Cisco's Output Interpreter (available on CCO)? This tool provides an easy way of migrating your conduit config into an access-list config.

Although conduits work fine, Cisco has announced that future versions will not support them anymore (I think from version 7 and higher conduits will not be supported anymore).

So, maybe my post is a bit off topic, but I would really advise you to consider changing to access-lists (like the other guy mentioned before).

Kind regards,

Leo