On 2/21/08, Rod Dorman <[EMAIL PROTECTED]> wrote: > Isn't the general rule of thumb to allow only what you explicitly need > and reject everything else? > > When I'm working with a Cisco IOS access-list I find its much easier to > state each specific "allow routing to this port on this host" and let > the final "deny any" to catch and reject the remainder.
so put the deny all rule first.
