Cisco Support Community
Community Member

Methods to block port in pix

I want to block some multimedia ports of some specific users on a PIX firewall. Can you please tell me the methods and commands used for it? Your help will be highly appreciated.

Community Member

Re: Methods to block port in pix

You have to write an access list and then apply it to an interface. In the configuration shown below, replace 9999 with the multimedia port number you want to block.

The following access-list would block tcp port number 9999 for the subnet. I am giving the name acl_in to the access list.

access-list acl_in deny tcp any eq 9999

The keyword 'any' means anywhere on the internet.

If you want to block only for specific hosts (let's say, you can write the access-list with the keyword 'host' as shown

access-list acl_in deny tcp host any eq 9999

You can write multiple access-lists for multiple hosts.

In order to apply the access lists to the interface named inside, use:

access-group acl_in in interface inside

'in' is a keyword meaning inbound traffic.

Hope that helps!
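
Added example, not part of the original posts and not Cisco code: a small Python model of first-match ACL evaluation, showing how an access list like the one in the reply above behaves once it is bound with access-group. The addresses (192.0.2.x, 198.51.100.5) are constructed placeholders, the parser covers only the syntax used in this thread, and the closing `permit ip any any` line is an addition that accounts for the implicit deny at the end of every ACL.

```python
import ipaddress

# Constructed sample config; all addresses are documentation placeholders.
ACL_DENY_ONLY = """
access-list acl_in deny tcp host 192.0.2.10 any eq 9999
access-list acl_in deny tcp 192.0.2.128 255.255.255.128 any eq 9999
"""
# Same list with an explicit permit so other traffic still passes.
ACL_WITH_PERMIT = ACL_DENY_ONLY + "access-list acl_in permit ip any any\n"


def _take_addr(tokens):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D MASK' and return a network."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}")  # PIX ACLs use netmasks


def parse_acl(text, name):
    """Return the ordered rules of access list `name` as tuples."""
    rules = []
    for line in text.splitlines():
        tokens = line.split()
        if tokens[:2] != ["access-list", name]:
            continue
        action, proto, rest = tokens[2], tokens[3], tokens[4:]
        src = _take_addr(rest)
        dst = _take_addr(rest)
        port = int(rest[1]) if rest[:1] == ["eq"] else None
        rules.append((action, proto, src, dst, port))
    return rules


def evaluate(rules, proto, src_ip, dst_ip, dst_port):
    """First matching rule decides; no match falls through to the implicit deny."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, r_proto, r_src, r_dst, r_port in rules:
        if r_proto not in ("ip", proto):
            continue
        if src not in r_src or dst not in r_dst:
            continue
        if r_port is not None and r_port != dst_port:
            continue
        return action
    return "deny"  # implicit deny at the end of every ACL
```

With the deny-only list bound to the inside interface, the listed hosts lose every outbound connection, not just port 9999; the explicit permit as the last line restores everything else.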


Community Member

Re: Methods to block port in pix

Thanks for the information, and for multimedia applications do I need to modify changes in fixup protocol commands like fixup protocol h323 1720?

Cisco Employee

Re: Methods to block port in pix

You shouldn't need to touch the fixups if you want to just block specific ports.
