Shouldn't the last entry in the access-list be: access-list 102 permit ip any any
Otherwise all other traffic will be blocked.

---
Ed Henderson
Certainty Tech
http://www.certainty.net/

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dallas L. Engelken
> Sent: Friday, August 22, 2003 5:37 PM
> To: CertaintyTech; ML qmail-scanner
> Subject: RE: [Qmail-scanner-general]Worm.Sobig.F
>
> > -----Original Message-----
> > From: CertaintyTech [mailto:[EMAIL PROTECTED]
> > Sent: Friday, August 22, 2003 12:04 PM
> > To: 'ML qmail-scanner'
> > Subject: RE: [Qmail-scanner-general]Worm.Sobig.F
> >
> > > option 1) restrict all outbound destination port 25 traffic from your
> > > internal lan, except for the mail server IP's. they are the only ones
> > > that should be sending the mail anyhow. (exceptions to this would be
> > > direct sendmail deliveries from clients...).
> > >
> > > ...snip...
> > >
> > > Dallas
> >
> > Do you know how to do "option 1" on a Cisco router?
> >
> > Ed.
>
> ios 12.x commands would look something like this... ignore the pretty
> drawing and the comments.
>
> [internet] -> [ cisco ] -> [mail server]
> 0.0.0.0       10.1.1.1     10.1.1.2
>
> # source: any, source port: *, dest: 10.1.1.2, dest port: 25 (incoming mail)
> access-list 102 permit tcp any host 10.1.1.2 eq 25
>
> # source: 10.1.1.2, source port: *, dest: any, dest port: 25 (outgoing mail)
> access-list 102 permit tcp host 10.1.1.2 any eq 25
>
> # deny 10.1.1.x lan from talking on port 25 to the outside world
> access-list 102 deny tcp 10.1.1.0 0.0.0.255 any eq 25
>
> interface ethernet0/8
>  ip access-group 102 in
>
> I don't use cisco ios regularly, so anyone can feel free to correct me if
> you see something wrong with that.
>
> _______________________________________________
> Qmail-scanner-general mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
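As an added example (not part of the thread, and not IOS code): a small Python first-match evaluator for IOS-style extended ACL lines that runs Dallas's three entries, and the same list with Ed's trailing `permit ip any any`, against a few constructed packets to show the implicit deny at the end of every IOS access-list. The parser, helper names and the 203.0.113.9 "outside" address are assumptions of this example; the only IOS semantics it relies on are first-match evaluation, wildcard masks and the implicit final deny.

```python
import ipaddress

# Constructed example: minimal first-match evaluator for numbered IOS
# extended ACL lines (protocol tcp/udp/ip, optional "eq" destination port).

def _addr(tokens):
    """Consume 'any' | 'host A' | 'A WILDCARD'; return (rest, base, wildcard)."""
    if tokens[0] == "any":
        return tokens[1:], 0, 0xFFFFFFFF
    if tokens[0] == "host":
        return tokens[2:], int(ipaddress.ip_address(tokens[1])), 0
    base = int(ipaddress.ip_address(tokens[0]))
    wildcard = int(ipaddress.ip_address(tokens[1]))  # set bits = don't care
    return tokens[2:], base, wildcard

def parse_ace(line):
    """'access-list 102 permit tcp host 10.1.1.2 any eq 25' -> tuple."""
    t = line.split()
    action, proto = t[2], t[3]
    rest, src, swc = _addr(t[4:])
    rest, dst, dwc = _addr(rest)
    dport = int(rest[1]) if rest[:1] == ["eq"] else None
    return action, proto, src, swc, dst, dwc, dport

def _match(ip, base, wildcard):
    ip = int(ipaddress.ip_address(ip))
    return (ip & ~wildcard) == (base & ~wildcard)

def evaluate(acl, proto, src, dst, dport):
    """Return 'permit' or 'deny' for one packet; first matching entry wins."""
    for action, p, sb, swc, db, dwc, dp in map(parse_ace, acl):
        if p != "ip" and p != proto:
            continue
        if not (_match(src, sb, swc) and _match(dst, db, dwc)):
            continue
        if dp is not None and dp != dport:
            continue
        return action
    return "deny"  # implicit "deny ip any any" at the end of every IOS ACL

DALLAS_ACL = [
    "access-list 102 permit tcp any host 10.1.1.2 eq 25",
    "access-list 102 permit tcp host 10.1.1.2 any eq 25",
    "access-list 102 deny tcp 10.1.1.0 0.0.0.255 any eq 25",
]
ED_FIX = DALLAS_ACL + ["access-list 102 permit ip any any"]

if __name__ == "__main__":
    for name, acl in (("as posted", DALLAS_ACL), ("with permit ip any any", ED_FIX)):
        print(name)
        print("  LAN host -> outside smtp :", evaluate(acl, "tcp", "10.1.1.7", "203.0.113.9", 25))
        print("  LAN host -> outside https:", evaluate(acl, "tcp", "10.1.1.7", "203.0.113.9", 443))
        print("  LAN host -> outside dns  :", evaluate(acl, "udp", "10.1.1.7", "203.0.113.9", 53))
```

Without the final permit, the LAN's HTTPS and DNS traffic is dropped by the implicit deny; with it, only LAN-originated port 25 traffic (other than from the mail server) is blocked.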