2620 Router ACL

Status
Not open for further replies.

mmcgurty

MIS
Jun 5, 2001
84
US
I am running a Cisco 2620 router connected to a point-to-point T1 for dedicated Internet access. I am currently running 12.1(18) IP Only IOS code, and plan to upgrade to 12.1(19) this weekend due to the recent Cisco vulnerability brought to light this past week. What I want to be able to do is limit, using ACLs, some traffic from the Internet. I don't want anyone on the Internet side to be able to ping our interfaces or telnet to them. Could someone point me to a how-to on ACLs to facilitate this? This is one of my greatest weak points on the Cisco IOS, so the more dumbed-down the version, the better. :)

Thanks.
 
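! Numbered extended ACL: entries are checked top-down, first match wins
access-list 101 deny icmp any any
access-list 101 deny tcp any any eq 23
access-list 101 permit ip any any
! Apply to traffic arriving from the Internet side
interface serial0/0
 ip access-group 101 in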
 
baddos's suggestion is pretty effective, but in order to provide more security you may replace the "permit ip any any" with "permit tcp any any gt 1023 established".

This would limit the access to your router, from the Internet, only to connections initiated from your internal network.
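
Added example, not part of any post in this thread: a small Python model of first-match ACL evaluation that runs the two variants discussed above (ending in "permit ip any any" versus "permit tcp any any gt 1023 established") against constructed inbound packets. The names OPEN, STRICT and PACKETS and the packet fields are assumptions made for the illustration; this is a simplified model, not IOS code.

```python
# Added example: first-match evaluation of the ACL entries from this thread.
# Models only what those entries use: protocol, "any any", destination-port
# eq/gt, and "established" (TCP segment with ACK or RST set). Not IOS code.

def parse_ace(line):
    tok = line.split()
    ace = {"action": tok[0], "proto": tok[1], "op": None, "port": None,
           "established": "established" in tok}
    rest = [t for t in tok[4:] if t != "established"]  # tok[2:4] is "any any"
    if rest:
        ace["op"], ace["port"] = rest[0], int(rest[1])
    return ace

def matches(ace, pkt):
    if ace["proto"] not in ("ip", pkt["proto"]):
        return False
    if ace["op"] == "eq" and pkt.get("dport") != ace["port"]:
        return False
    if ace["op"] == "gt" and not pkt.get("dport", 0) > ace["port"]:
        return False
    if ace["established"] and not {"ACK", "RST"} & pkt.get("flags", set()):
        return False
    return True

def evaluate(acl, pkt):
    for line in acl:
        ace = parse_ace(line)
        if matches(ace, pkt):
            return ace["action"]
    return "deny"  # implicit "deny ip any any" ends every IOS ACL

OPEN = ["deny icmp any any", "deny tcp any any eq 23", "permit ip any any"]
STRICT = OPEN[:2] + ["permit tcp any any gt 1023 established"]

# Constructed inbound packets (as seen arriving on the serial interface).
PACKETS = {
    "ping from Internet":      {"proto": "icmp"},
    "telnet SYN":              {"proto": "tcp", "dport": 23, "flags": {"SYN"}},
    "unsolicited SYN to 8080": {"proto": "tcp", "dport": 8080, "flags": {"SYN"}},
    "reply to outbound HTTP":  {"proto": "tcp", "dport": 40000, "flags": {"ACK"}},
    "DNS answer over UDP":     {"proto": "udp", "dport": 40001},
}

def compare():
    return {n: (evaluate(OPEN, p), evaluate(STRICT, p)) for n, p in PACKETS.items()}

if __name__ == "__main__":
    for name, (o, s) in compare().items():
        print(f"{name:24} open={o:6} strict={s}")
```

With the stricter last entry, inbound UDP such as DNS answers falls through to the implicit deny, and "established" only tests the ACK/RST bits of each segment rather than tracking sessions.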
 