Access Control List 1

Status
Not open for further replies.

RadioX

IS-IT--Management
May 15, 2001
145
US
I want to set up an access control list for a server that blocks all incoming traffic on all ports unless otherwise specified. Basically I don't want any incoming traffic on some servers except for port 80 and 25 and stuff like that.

Is there a way to do this, and how?

Thanks
Ron
 
This would entail creating an Extended ACL.

The following is an example of how to allow HTTP traffic to pass through; the Ethernet network is a Class B network with the address 128.88.0.0 and the web (HTTP traffic) host's address is 128.88.1.2.

access-list 101 permit tcp 128.88.0.0 0.0.255.255 0.0.0.0 255.255.255.255
access-list 102 permit tcp 0.0.0.0 255.255.255.255 128.88.0.0 0.0.255.255 established
access-list 102 permit tcp 0.0.0.0 255.255.255.255 128.88.1.2 0.0.0.0 eq 80
interface serial 0
access-group 101
interface ethernet 0
access-group 102

If you want only to allow this traffic, ensure there is a "deny any" entry on the bottom of the ACL. This will deny all other traffic.
Regards,

Don
 
When you assign an access list to an interface, it's:
ip access-group 101 (in/out)
You have to specify the direction.
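
A configuration matching the original question (only ports 80 and 25 reachable from outside), added here as an example and not posted by any participant in the thread. The 192.0.2.0/24 addresses, ACL number 110 and interface Serial0 are assumptions for illustration.

```cisco
! Added example. Constructed addressing (not from the thread):
!   192.0.2.0/24  server segment
!   192.0.2.10    web server
!   192.0.2.25    mail server
!   Serial0       outside-facing interface (assumed)
!
access-list 110 remark Inbound policy: web and mail only
! HTTP to the web server only
access-list 110 permit tcp any host 192.0.2.10 eq 80
! SMTP to the mail server only
access-list 110 permit tcp any host 192.0.2.25 eq 25
! Return traffic for TCP sessions the servers opened themselves.
! "established" matches on the ACK/RST bits only; it is a stateless
! flag check, not connection tracking.
access-list 110 permit tcp any 192.0.2.0 0.0.0.255 established
! IOS ends every ACL with an implicit deny. Writing it out with "log"
! gives a hit counter and log entries for dropped packets.
access-list 110 deny ip any any log
!
interface Serial0
 ! Direction is required: filter packets arriving from outside
 ip access-group 110 in
```

After applying it, `show access-lists 110` lists the per-entry match counters, which confirms that permitted traffic hits the intended lines and shows what the final deny is dropping. Anything the servers need over UDP or ICMP (DNS replies, for example) is dropped by this list unless a permit entry is added above the deny.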
 