from to
| |
access-list 100 deny tcp host 208.142.150.10 any eq www
access-list 100 allow ip any any <<<< this allows any other ip traffic
If you want to really block out all web requests you should use the RANGE
feature of the access lists and enter a range of ports where web servers may
be running.
Also keep in mind that access lists are evaluated sequentially so even if at
the end of the list you allow everything, whatever you have blocked before
is still blocked.....
Chazakis Ioannis
Network Administrator
Acropolis Net
----- Original Message -----
From: Danny Sinang <danny@uplink.com.ph>
To: NTISP <ntisp@iea-software.com>
Sent: Friday, March 26, 1999 5:22 PM
Subject: [NTISP] Cisco 2501 access-list question
> Guys,
>
> I tried making an access-list on my Cisco 2501 as follows :
>
> access-list 100 deny tcp host 208.142.150.10 any eq www
>
> My intention was to block any outgoing WWW request from 208.142.150.10 (my
> PC). But the result was that every outgoing request (even "ping") was
> blocked by the 2501.
>
> Where did I go wrong here ?
>
> - Danny
>
>
> For more information about this list, including removal,
> see this url: http://www.iea-software.com/maillist.html
>
For more information about this list, including removal,
see this url: http://www.iea-software.com/maillist.html