phantasm wrote: »

*Mar 15 00:07:56.574: %SEC-6-IPACCESSLOGDP: list FW_In denied icmp 0.0.0.0 -> x.x.x.x (3/0), 1 packet

I x'd out my IP, but I just saw that in the log file. Now I'm a bit paranoid anyway because I removed CBAC off my WAN interface due to the fact that it choked my connection down to 500k from 7MB. So right now I'm running an ACL to filter incoming traffic. I'm not happy, but I can't get that dang established keyword to work. This is what I have....

    ip access-list extended FW_In
     deny tcp any any eq 22 log
     deny tcp any any eq telnet log
     deny tcp any any eq 135
     deny tcp any any eq 136
     deny tcp any any eq 137
     deny tcp any any eq 138
     deny tcp any any eq 139
     deny tcp any any eq 445
     deny tcp any any eq 593
     deny ip 127.0.0.0 0.255.255.255 any log
     deny ip 0.0.0.0 0.255.255.255 any log
     deny ip 10.0.0.0 0.255.255.255 any log
     deny ip 172.16.0.0 0.15.255.255 any log
     deny ip 192.168.0.0 0.0.255.255 any log
     deny ip 169.254.0.0 0.0.255.255 any log
     deny ip 192.0.2.0 0.0.0.255 any log
     deny icmp any any echo
     deny icmp any any redirect
     deny icmp any any mask-request
     deny icmp any any fragments
     permit udp any eq ntp any eq ntp log
     permit udp any any eq isakmp
     permit udp any any eq non500-isakmp
     permit ip any any

Any recommendations?
tndfr wrote: »

For the established keyword to work you need the 3-way handshake to be carried out first, so you have to allow 3 packets in/out, and the established line of an ACL should be way down. From experience, it would not work if you put the established keyword at the beginning of the ACL (think 3-way handshake using packets SYNC ACK SYNC).

Just a suggestion: wouldn't it be better to only allow what you want with an implicit deny at the end rather than deny every single port/network?
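As an added illustration (not config from either poster), here is the whitelist layout tndfr suggests, written as a Cisco IOS extended ACL. Two facts worth having in front of you while reading it: IOS evaluates an ACL top-down and stops at the first match, which is why the log line in the first post was produced by the `deny ip 0.0.0.0 0.255.255.255 any log` entry (the `deny tcp` lines above it cannot match an ICMP packet); and `established` matches TCP segments that have the ACK or RST bit set, which is what the reply half of a connection opened from inside looks like, so the entry only ever admits return traffic and never a fresh inbound SYN. The interface name `Dialer0` and the choice of which ICMP types and UDP services to admit are assumptions for the example; keep the bogon-source denies from the original post if you want those logged separately.

```cisco
! Added example, not from the thread. Inbound WAN filter built as a whitelist:
! everything not explicitly permitted falls through to the implicit deny.
ip access-list extended FW_In
 remark --- sources that must never arrive from the WAN; log them
 deny   ip 127.0.0.0 0.255.255.255 any log
 deny   ip 0.0.0.0 0.255.255.255 any log
 deny   ip 10.0.0.0 0.255.255.255 any log
 deny   ip 172.16.0.0 0.15.255.255 any log
 deny   ip 192.168.0.0 0.0.255.255 any log
 deny   ip 169.254.0.0 0.0.255.255 any log
 deny   ip 192.0.2.0 0.0.0.255 any log
 remark --- replies to TCP sessions opened from inside (ACK or RST bit set)
 permit tcp any any established
 remark --- UDP has no handshake, so name each service the router needs
 permit udp any eq ntp any eq ntp
 permit udp any any eq isakmp
 permit udp any any eq non500-isakmp
 remark --- ICMP needed for path MTU discovery and outbound ping to work
 permit icmp any any echo-reply
 permit icmp any any unreachable
 permit icmp any any time-exceeded
 remark --- explicit final deny so the drops show up in the log
 deny   ip any any log
!
interface Dialer0
 ip access-group FW_In in
```

Two caveats a practitioner will hit with this layout. First, `established` is a stateless check on TCP flag bits, not a session table, so it does nothing for UDP or for inbound-initiated TCP; anything that must be reachable from outside needs its own `permit` line above the final deny. Second, if the WAN address comes from the provider by DHCP, add `permit udp any eq bootps any eq bootpc` near the top or the lease renewal will be dropped and logged.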