Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Need help blocking port 80

Status
Not open for further replies.
joeymia

joeymia

IS-IT--Management
Feb 4, 2002
1
0
0
US
I want to disable access to port 80 from some inside users. For example I don't want users 192.168.0.70-192.168.0.90 viewing websites. I don't care if they can use other applications I just need 80 blocked. Ive tried using access-list commands and shun but insted it blocked all traffic.

shun 0 80 80 (this wouldn't let me go out anywhere)

access-list luis deny tcp host 192.168.0.70 any eq 80 (same here)

Please help me out I would greatly apreciate it.
 
Sort by date Sort by votes
Try

access-list luis deny tcp host 192.168.0.70 any eq 80
access-list luis permit ip any any

There is an implicit deny at the end of the access list.
 
Upvote 0 Downvote
I use access-list commands only to control inbound traffic. To control outgoing connections simply use "outbound" command. You can control access by first blocking all connections and than allowing only specific ports. For example to block a specific user - 192.168.0.70 - in your access list add the following to your configuration:

outbound 1 deny any any
outbound 1 permit 0 0 80
outbound 1 deny 192.168.0.70 255.255.255.255 80
apply (inside) 1 outgoing_src
 
Upvote 0 Downvote
NOktar:

Is the outbound list parsed by the pix in the same fashion as an access-list? IE would your deny any any need to be at the end?
 
Upvote 0 Downvote
Your PIX access list is different from the router. The order of a router's access list is vitally important, because the first match will cause a rejection or acceptance. However, the PIX uses a best-fit mechanism for its access lists. This allows the administrator to deny whole ranges of IP addresses and then allow specific hosts through at a later date without having to rewrite the whole access list. The PIX access list is also neither a standard nor an extended access list, but rather a combination of the two forms.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
146
Sameer258
Sameer258
XLNTech1
  • Locked
  • Question
iptables port forwarding
Replies
0
Views
124
XLNTech1
XLNTech1
PauS0n
  • Locked
  • Question
Need Help On Cisco ASA 5512 Running Version 9
Replies
0
Views
56
PauS0n
PauS0n
intel233
  • Locked
  • Question
Cisco ASA 5510 -Static NAT Help
Replies
8
Views
161
intel233
intel233
tklamb
  • Locked
  • Question
ACL help
Replies
0
Views
47
tklamb
tklamb

Part and Inventory Search

Sponsor

Back
Top