Thursday, May 24, 2007

firewall-wizards Digest, Vol 13, Issue 11

Send firewall-wizards mailing list submissions to
firewall-wizards@listserv.icsalabs.com

To subscribe or unsubscribe via the World Wide Web, visit
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@listserv.icsalabs.com

You can reach the person managing the list at
firewall-wizards-owner@listserv.icsalabs.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."


Today's Topics:

1. Re: PIX - acl breaks implicit outbound rule (Paul Melson)


----------------------------------------------------------------------

Message: 1
Date: Wed, 23 May 2007 14:09:39 -0400
From: "Paul Melson" <pmelson@gmail.com>
Subject: Re: [fw-wiz] PIX - acl breaks implicit outbound rule
To: "'Firewall Wizards Security Mailing List'"
<firewall-wizards@listserv.icsalabs.com>
Message-ID: <006601c79d65$87e8d7f0$0202fea9@ad.priorityhealth.com>
Content-Type: text/plain; charset="us-ascii"

> However, it replaces the implicit outbound rule for Interface2 and breaks
> all other outbound traffic on the interface. My question is, what can I
> append to the above access group to put the outbound rule back in?

As far as I know, you can't. You will need to explicitly declare the
previously implied rule:

access-list Interface2toInterface1 deny ip 10.0.5.0 255.255.255.0 10.0.0.0 255.0.0.0
access-list Interface2toInterface1 permit ip 10.0.5.0 255.255.255.0 any


PaulM

------------------------------
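
Added example, not part of the original post or the digest: a small Python model of first-match ACL evaluation, showing why binding an ACL to the interface cuts off all other outbound traffic and how the two explicit rules from the reply restore it. The first access-list entry and the test addresses are constructed stand-ins, since the poster's original ACL is not shown here; only the ip protocol is modelled.

```python
import ipaddress

def _take_net(tokens):
    """Consume one PIX address spec: 'any', 'host A', or 'A MASK'."""
    head = tokens.pop(0)
    if head == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if head == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{head}/{tokens.pop(0)}")

def parse_acl(text):
    """Parse 'access-list NAME permit|deny ip SRC DST' lines (ip protocol only)."""
    rules = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue  # skip blank lines
        if len(tokens) < 6 or tokens[0] != "access-list" or tokens[3] != "ip":
            raise ValueError(f"unsupported line: {line!r}")
        action, rest = tokens[2], tokens[4:]
        src, dst = _take_net(rest), _take_net(rest)
        if rest or action not in ("permit", "deny"):
            raise ValueError(f"unsupported line: {line!r}")
        rules.append((action, src, dst))
    return rules

def evaluate(rules, src, dst):
    """First match wins; no match falls through to the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules:
        if s in src_net and d in dst_net:
            return action
    return "implicit deny"

# Constructed stand-in for the poster's original ACL (not shown on the page).
ORIGINAL = """
access-list Interface2toInterface1 permit ip 10.0.5.0 255.255.255.0 host 10.0.1.10
"""
# The two explicit rules from the reply, appended after the original entry.
FIXED = ORIGINAL + """
access-list Interface2toInterface1 deny ip 10.0.5.0 255.255.255.0 10.0.0.0 255.0.0.0
access-list Interface2toInterface1 permit ip 10.0.5.0 255.255.255.0 any
"""
if __name__ == "__main__":
    for name, acl in (("original", ORIGINAL), ("fixed", FIXED)):
        rules = parse_acl(acl)
        for dst in ("10.0.1.10", "10.0.2.20", "198.51.100.7"):  # constructed
            print(name, "10.0.5.25 ->", dst, ":", evaluate(rules, "10.0.5.25", dst))
```

Order matters: the deny for 10.0.0.0/8 has to precede the broad permit, otherwise the permit matches first and opens the other internal networks as well.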


End of firewall-wizards Digest, Vol 13, Issue 11
************************************************