
Amateur needs help with access-list

Status
Not open for further replies.

kenshin48

Technical User
Jan 3, 2003
2
US
I just recently bought a PIX Firewall for my home, and was playing around with the commands when I stumbled upon this access-list thing. I began reading about it, and found several example commands and such. However, when I type these into the prompt on my PIX, I simply get an error. To access the firewall, I simply telnet to the address. I've tried typing in things like:

access-list IM_AOL deny tcp any any eq 1863

However, these commands don't seem to do anything when I type them in. How do I actually create and add to an access-list? Also, once I've done this, how would I permit a connection I previously denied? Thanks in advance.
 
When you telnet into the pix you need to be in privileged mode.

telnet x.x.x.x

pix>

type ena or enable

pix#

type config t

pix (config)#

then you are ready to program it.

 
After you create an access-list, you have to apply it to an interface.

access-list IM_AOL deny tcp any any eq 1863
access-group IM_AOL in interface outside

The above commands would deny any TCP connection inbound for port 1863. Looks like you want to block your "inside" network from getting to AOL though, so you would want to do this:

access-group IM_AOL in interface inside

This would block your "inside" network from using TCP port 1863 to any host/network.
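A fuller version of the two-command answer above, added here as an illustration and not taken from the thread. It also covers the original poster's second question (letting a previously denied host through again) and one caveat: on the PIX, an access-list applied to an interface ends with an implicit deny, so a list containing only the deny line would block all other outbound traffic from the inside network. The host address is a made-up placeholder, and the lines beginning with "!" are annotations for the reader, not PIX commands.

```cisco
! Added example (not from the thread). Address below is a placeholder.
! Enter privileged mode, then configuration mode
enable
configure terminal

! Entries are evaluated top to bottom; the first match wins.
! 1. One inside host that may still reach AOL IM (TCP/1863)
access-list IM_AOL permit tcp host 192.168.1.10 any eq 1863
! 2. Everyone else on the inside is denied TCP/1863
access-list IM_AOL deny tcp any any eq 1863
! 3. Explicit permit for all other traffic. Without this line the
!    implicit deny at the end of the list would block every other
!    outbound connection once the list is applied to an interface.
access-list IM_AOL permit ip any any

! Apply the list to traffic entering the firewall on the inside interface
access-group IM_AOL in interface inside

! To later allow something you previously denied, remove the deny
! entry (a "no" in front of the exact line removes just that entry),
! then re-enter the entries in the order you want them evaluated:
! no access-list IM_AOL deny tcp any any eq 1863

! Verify: per-entry hit counts show which lines are matching traffic
show access-list IM_AOL

! Save the running configuration so it survives a reload
write memory
```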
 