Scott,

The following example will block the full suite of NetBios inbound to you
(presumably 195.50.79.0/24). This is not a complete ACL -- it will be
necessary to either specifically allow the traffic you desire inbound, or
add another line to the bottom (currently commented out) permitting
everything else.

access-list 101 deny udp any 195.50.79.0 0.0.0.255 eq netbios-dgm
access-list 101 deny udp any 195.50.79.0 0.0.0.255 eq netbios-ns
access-list 101 deny udp any 195.50.79.0 0.0.0.255 eq netbios-ss
access-list 101 deny tcp any 195.50.79.0 0.0.0.255 eq 137
access-list 101 deny tcp any 195.50.79.0 0.0.0.255 eq 138
access-list 101 deny tcp any 195.50.79.0 0.0.0.255 eq 139
! access-list 101 permit ip any any

jas

At 07:35 PM 1/17/01 +0000, Scott S. wrote:
>Our WatchGuard FireBox seems to be getting overloaded by the number of
>NetBios packets it is denying. We are thinking that it might be a good idea
>to block these at our router instead. It is a Cisco 7200 with a pretty
>light load. Does this sound like a sensible idea? If so I was thinking the
>following rule would be appropriate:
>
>access-list 101 deny any 195.50.79.0 eq 137
>
>
>Is this correct, or am I way off?
>
>
>Thanks in advance for any replies.
>
>
>Sincerely,
>
>Scott
>
>
>_________________________________
>FAQ, list archives, and subscription info:
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
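
Added example (not part of the original messages): a small Python model of how the router evaluates access-list 101 from the reply, showing first-match order, wildcard-mask matching, and the implicit deny that applies while the final permit line stays commented out. The names parse_acl and evaluate and the sample packet are constructed for illustration, and the model covers only the ACL syntax used in this thread.

```python
import ipaddress

PORT_NAMES = {"netbios-ns": 137, "netbios-dgm": 138, "netbios-ss": 139}  # IOS UDP keywords

ACL_101 = """\
access-list 101 deny udp any 195.50.79.0 0.0.0.255 eq netbios-dgm
access-list 101 deny udp any 195.50.79.0 0.0.0.255 eq netbios-ns
access-list 101 deny udp any 195.50.79.0 0.0.0.255 eq netbios-ss
access-list 101 deny tcp any 195.50.79.0 0.0.0.255 eq 137
access-list 101 deny tcp any 195.50.79.0 0.0.0.255 eq 138
access-list 101 deny tcp any 195.50.79.0 0.0.0.255 eq 139
! access-list 101 permit ip any any
"""

def parse_acl(text, uncomment=False):
    """Parse the subset of extended-ACL syntax used in the thread (source is always 'any')."""
    rules = []
    for line in text.splitlines():
        if line.startswith("!"):
            if not uncomment:
                continue              # '!' marks a comment in IOS config
            line = line.lstrip("! ")
        tok = line.split()
        action, proto = tok[2], tok[3]
        if tok[5] == "any":           # e.g. "permit ip any any"
            rules.append((action, proto, 0, 0xFFFFFFFF, None))
            continue
        net = int(ipaddress.IPv4Address(tok[5]))
        wild = int(ipaddress.IPv4Address(tok[6]))   # 1-bits are "don't care"
        port = PORT_NAMES.get(tok[8]) or int(tok[8])
        rules.append((action, proto, net, wild, port))
    return rules

def evaluate(rules, proto, dst, dport):
    """First matching entry wins; a packet matching nothing hits the implicit deny."""
    addr = int(ipaddress.IPv4Address(dst))
    for action, r_proto, net, wild, port in rules:
        if r_proto not in ("ip", proto):
            continue
        if (addr | wild) != (net | wild):
            continue
        if port is not None and port != dport:
            continue
        return action
    return "implicit deny"

if __name__ == "__main__":
    # Constructed packet: inbound HTTP to a host inside the /24.
    print(evaluate(parse_acl(ACL_101), "tcp", "195.50.79.10", 80))
```

Calling parse_acl(ACL_101, uncomment=True) models the list with the last line enabled, so the same packet is permitted while the NetBios ports stay denied.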