On 07/01/02 07:31 -0800, Network Operations wrote: > After months of begging and pleading with numerous ISP's and Mass email > marketers (read: SPAMMERS), to be removed from their spam lists (of course > to no avail). We have succumbed to filtering SMTP from the following > netblocks: Fix the line length, please. > access-list acl_out deny tcp 64.37.114.64 255.255.255.224 any eq smtp > access-list acl_out deny tcp 64.37.121.128 255.255.255.224 any eq smtp > access-list acl_out deny tcp 65.161.31.128 255.255.255.128 any eq smtp > access-list acl_out deny tcp 128.121.0.0 255.255.0.0 any eq smtp > access-list acl_out deny tcp 161.58.0.0 255.255.0.0 any eq smtp > (many more are to follow, this is only the beginning) Hmmm, why not use ordb.org, orbz.org, osirusoft.com, procmail to block spammers? Isn't it easier than branding entire netblocks? Particularly, when some of the admins there may be conscious and taking care of their responsibilities?
> My question is this: As filters go, I seem to remember having to remove > my blanket Allow statement (access-list acl_out permit tcp any host > my.mail.srvr.ip.addr eq smtp) and then add it back in AFTER I've added > all the deny statements. Because if not the blanket allow statement > would supercede any deny statements which followed. > > Or has the PIX code gotten more intuitive? I think its still first match wins. So you will need to do exactly that. Devdas Bhagat _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
