Outbound Commands : Blocking External IPs

LordElfkin

IS-IT--Management
Jun 1, 2001
1
US
Hello, I have recently been put in charge to administer and maintain our PIX 520 Firewall running version 4.4(1). I have also been asked to block all access to specific external IPs, specifically those associated with Messenger services.
I am relatively new to the PIX environment so I am looking for any suggestions you may have. I have tried numerous configurations with no success. It seems when I try to block a specific external IP from all ports it blocks all external IPs from all ports. Or say I block port 23 for external IP x.x.x.x, instead of just blocking port 23 for IP x.x.x.x it blocks port 23 completely. My main issue is that certain ports... 80, 443 and Oracle/SQL service ports must be open for our operation to run. So I need to find a way to block all ports (since messenger services will run on just about any open port including 80) for a specific external IP address. If anyone could help I would greatly appreciate it. Thanks!
 
I'm assuming you are using an access list to do this. That being the case, there is an implicit "DENY ALL" at the end of your list, allowing only what you put. Make sure the last line of your access list is something like 'access-list 101 permit ip any any' and it will do what you've asked the list to do, and no more.
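The behaviour described in the reply above, as an added example that is not part of the original thread: a generic first-match access-list model in Python (not PIX syntax) showing why a list holding only deny entries blocks everything, and why the trailing permit must come last. The addresses are constructed documentation ranges, and the rule tuples and function names are assumptions of this sketch; the rule-order case goes slightly beyond what the reply states.

```python
import ipaddress

def evaluate(acl, dst_ip, dst_port):
    """Return (action, reason) for outbound traffic using first-match semantics."""
    ip = ipaddress.ip_address(dst_ip)
    for action, network, port in acl:
        port_matches = port is None or port == dst_port  # None means any port
        if ip in ipaddress.ip_network(network) and port_matches:
            return action, f"{action} {network} port {port or 'any'}"
    # No entry matched: the implicit deny at the end of every list applies.
    return "deny", "implicit deny at end of list"

# Constructed sample data (documentation address ranges, not real hosts).
BLOCKED_HOST = "203.0.113.10/32"   # external IP that must be unreachable
ANY = "0.0.0.0/0"

# Only the deny entry: everything else falls through to the implicit deny.
deny_only = [("deny", BLOCKED_HOST, None)]

# Deny entry first, explicit permit last: only the listed host is blocked.
deny_then_permit = [("deny", BLOCKED_HOST, None), ("permit", ANY, None)]

# Permit first: it matches everything, so the deny entry is never reached.
permit_then_deny = [("permit", ANY, None), ("deny", BLOCKED_HOST, None)]

def report(name, acl):
    """Evaluate a blocked-host flow and two business flows against one list."""
    flows = [("203.0.113.10", 80), ("198.51.100.20", 80), ("198.51.100.20", 443)]
    lines = [f"{name}:"]
    for ip, port in flows:
        action, reason = evaluate(acl, ip, port)
        lines.append(f"  {ip}:{port} -> {action} ({reason})")
    return "\n".join(lines)

if __name__ == "__main__":
    for name, acl in [("deny only", deny_only),
                      ("deny then permit any", deny_then_permit),
                      ("permit any then deny", permit_then_deny)]:
        print(report(name, acl))
```
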
 