Robert Glover wrote:
>
> You are looking for RFC 792.
>
> > All the responses are great, but I need to know the port number, because
> > I'm blocking it in my Cisco Router, not a linux machine. Thanks.

Assuming IOS:

Cheap way:

    access-list 101 permit icmp <my_addresses> <my_addresses>

Implicit denies will stop ALL outside ICMP traffic. Your network may
work, but you lose quite a lot of important network diagnostics this way.
You may also not be able to connect to some hosts, due to not receiving
info about upstream packet fragmentation.

Better Way:

    access-list 101 permit icmp any <my_addresses> ?

Putting in the ? will cause it to list possible ICMP message types.
Then just do one line per protocol you want to allow.
Again, implicit denies will block anything not specified.

Either way:

Don't forget to add in allow statements for other traffic!! If you
implement just these rules, you'll be blocking legitimate traffic
as well.

Go to the outside interface, and put

    ip access-group 101 in

to actually assign the ACL.

I have no idea what you'd put into a CBOS machine.
--
-------------------------------------
Sam Bayne - System Administrator
North Seattle Community College
[EMAIL PROTECTED] (206)527-3762
=====================================
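
A concrete form of the "Better Way" above, as an added example that is not part of the original message: it admits only the ICMP replies and errors inside hosts depend on and leaves the rest to the implicit deny. The network 192.0.2.0/24 (standing in for <my_addresses>) and the interface name Serial0 are assumptions.

```cisco
! Constructed example: 192.0.2.0/24 stands in for <my_addresses>,
! Serial0 for the outside interface.
!
! Replies to pings sent from inside:
access-list 101 permit icmp any 192.0.2.0 0.0.0.255 echo-reply
! Needed for traceroute from inside:
access-list 101 permit icmp any 192.0.2.0 0.0.0.255 time-exceeded
! Includes "fragmentation needed" (type 3, code 4), which carries the
! upstream fragmentation info that path MTU discovery relies on:
access-list 101 permit icmp any 192.0.2.0 0.0.0.255 unreachable
!
! Non-ICMP traffic needs its own permit lines; this one admits
! return traffic for TCP sessions opened from inside:
access-list 101 permit tcp any 192.0.2.0 0.0.0.255 established
!
! Everything else, including inbound echo requests, is dropped by
! the implicit deny at the end of the list.
!
interface Serial0
 ip access-group 101 in
```

On the router, `show access-lists 101` displays per-line match counters, which shows whether the permitted ICMP types are actually being hit.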