Dumb Question

[unixrocks]

I have a 506 to setup and needed a bit of help advising in the access-list setup. Do I

PIxFirewall<config># access-list inside_comms_out permit tcp any host x.x.x.x eq www
PixFirewall<config># access-list outside_comms_in deny tcp any any eq www

( iknow syntax may not be quite right)


We are not running a web server so it seems pointless adding in a rule to allow when we have no need for it or am I missing something here and I need one for complete web surfing.


Cheers

 

[ChrisAC]

By default nothing is allowed outside in and everything is allowed inside out. So, if you want to allow web browsing then you do not have to configure any access lists at all. All traffic from the inside will be allowed out.

However, you can create an outgoing access list if you did want to limit the outbound services. This is usually a good idea if you want to control outbound access and prevent unknown ports from viruses and trojans etc from getting out of your network and eating up all your bandwidth.

Chris.


**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************