Well, standard practice is to block everything and only allow what you need. I am not sure what exactly you want to do here, but you can easily use a range of ports in your PIX's access-list. Something like this:

* newer syntax
    access-list acl_inbound deny tcp any any range 6660 6669

* older syntax
    inbound 10 deny x.x.x.0 255.255.255.0 6660-6669 tcp

Then just apply your access-list to your nat statement(s). IRC runs on ports 6660 - 6669, just in case you didn't already know.

Hope that helps,
John

-----Original Message-----
From: Luke Levis [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 06, 2003 10:49 AM
To: NT 2000 Discussions
Subject: off-topic cisco pix

I have a Cisco PIX 515 and I have set aside around 80 routable IP addresses for NAT use for all of the desktops going out to the internet. I have already set up an access-list for inside traffic going out, and I wanted to explicitly set a DENY statement for any outside machine to connect to any machine in that IP range. I know by default that firewalls are set up to block everything, but a couple of people have had IRC chat clients installed on their machines (to which they deny installing), but I was wondering if there was a "range" statement I could use to block all inbound traffic to those clients?

Any help would be appreciated, or telling me I'm a moron is OK too.
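
Added example, not part of the original thread and not Cisco code: a small Python first-match evaluator for newer-syntax access-list lines like the one in the reply, for checking which flows a port-range deny actually covers before the list goes on the firewall. The ACL name acl_out, the permit line and the documentation-range addresses are constructed; only numeric ports and the any / host / address-plus-mask forms are handled.

```python
import ipaddress

# Constructed sample: deny the port range from the reply, then permit one inside subnet.
SAMPLE = """\
access-list acl_out deny tcp any any range 6660 6669
access-list acl_out permit ip 192.0.2.0 255.255.255.0 any
"""

def _addr(tok):
    """Consume one address spec (any | host A | A MASK) from the token list."""
    first = tok.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tok.pop(0)}")  # address + netmask

def parse_acl(text):
    """Parse 'access-list NAME permit|deny PROTO SRC DST [eq P | range LO HI]'."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list":
            continue
        name, action, proto = tok[1], tok[2], tok[3]
        rest = tok[4:]
        src, dst = _addr(rest), _addr(rest)
        lo, hi = 0, 65535                      # no port operator: all ports
        if rest and rest[0] == "eq":
            lo = hi = int(rest[1])
        elif rest and rest[0] == "range":
            lo, hi = int(rest[1]), int(rest[2])
        rules.append((name, action, proto, src, dst, lo, hi))
    return rules

def decide(rules, name, proto, src_ip, dst_ip, dst_port):
    """First matching entry wins; no match falls through to the implicit deny."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for n, action, p, src, dst, lo, hi in rules:
        if (n == name and p in (proto, "ip") and s in src and d in dst
                and lo <= dst_port <= hi):
            return action
    return "deny"

RULES = parse_acl(SAMPLE)
```

Running `decide` over a list of flows you expect to be blocked and allowed shows exactly where the range ends: a destination port one above 6669 falls through to the permit line.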
