access-list 100 deny tcp host 18.104.22.168 any eq www
access-list 100 allow ip any any <<<< this allows any other ip traffic
If you want to really block out all web requests you should use the RANGE
feature of the access lists and enter a range of ports where web servers may
Also keep in mind that access lists are evaluated sequentially so even if at
the end of the list you allow everything, whatever you have blocked before
is still blocked.....
----- Original Message -----
From: Danny Sinang <firstname.lastname@example.org>
To: NTISP <email@example.com>
Sent: Friday, March 26, 1999 5:22 PM
Subject: [NTISP] Cisco 2501 access-list question
> I tried making an access-list on my Cisco 2501 as follows :
> access-list 100 deny tcp host 22.214.171.124 any eq www
> My intention was to block any outgoing WWW request from 126.96.36.199 (my
> PC). But the result was that every outgoing request (even "ping") was
> blocked by the 2501.
> Where did I go wrong here ?
> - Danny
> For more information about this list, including removal,
> see this url: http://www.iea-software.com/maillist.html
For more information about this list, including removal,
see this url: http://www.iea-software.com/maillist.html