Need to block IP's

[rtiv]

Due to spam, I need to block the following IP's from entering my network. I have a PIX520. What would the commands be ? Thanks

internet address = 208.177.184
64.79.64.7
internet address = 64.79.64.8

 

[rtiv]

I added these entries, are they correct:

conduit deny tcp any host 208.32.232.12 (hitcnt=0)
conduit deny tcp any host 208.177.184.28 (hitcnt=0)
conduit deny tcp any host 64.79.64.7 (hitcnt=0)
conduit deny tcp any host 64.79.64.8 (hitcnt=0

 

[webnetwiz]

you don't use Access Lists?

 

[rtiv]

just upgraded to 6.1(3) last week. Will start using access lists. What would be the correct access list statement in this case ?

Thanks

 

[yizhar]

HI.

* Since SPAM goes directly to your email server, you have also the alternative to block it there instead of the firewall, whatever seems better (If there are many smtp server behind the pix this is of course not a good option).

* For access-list syntax and other info, see the following:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_61/cmd_ref/index.htm

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/

Bye
Yizhar Hurwitz

http://come.to/yizhar

http://teachers.sivan.co.il/yizhar

 

[rtiv]

Ok, I need to prevent any host on network 81.9.8.0 from coming into my PIX. What would the statement be ?

conduit deny ip any host 81.9.8.0

????

 

[yizhar]

Almost.
For a network, you should define the subnet mask, like:

conduit deny ip any 81.9.8.0 255.255.255.0

It's all written here:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_61/cmd_ref/c.htm#xtocid5

Check out this note:
"The conduit command statements are processed in the order entered into the configuration. "

So you might need to clear and re-enter (or paste) all conduit commands in the order you want.

Bye
Yizhar Hurwitz

http://come.to/yizhar

http://teachers.sivan.co.il/yizhar