As our 7206 has multiple sub-interfaces for our Internet clients, I'm looking at a generic ACL I can apply to each one to deny things like netbios traffic, telnet access etc, but still allowing them full internet access...eg.

(Just logging all for debugging purposes)

access-list 132 deny udp any eq netbios-dgm any log-input

access-list 132 deny udp any eq netbios-ns any log-input

access-list 132 deny udp any eq netbios-ss any log-input

access-list 132 deny tcp any eq 137 any log-input

access-list 132 deny tcp any eq 138 any log-input

access-list 132 deny tcp any eq 139 any log-input

access-list 132 deny tcp any eq 23 any log-input

access-list 132 permit ip any any

But I can't see a way to have a default deny policy, without killing there Interenet connection..

Any suggestions/Comments are greatly appreciated.

Regards,

MB