I always prefer the explicit Deny - it makes troubleshooting at 3am so much easier when you see the rule right there and don't have to remember if something negated (Cisco, I'm looking at you) the explicit deny somewhere (or even that it exists).

On 3/22/2012 4:25 PM, Paul Graydon wrote:
Aloha,

I was tasked with clearing up some ambiguities in our firewalls. Nothing too major, just some irritating stuff for the most part (commenting all the rules etc), but I got to wondering:

Which is better practice, to have an explicit Deny / Deny at the end of an access list, or leave it to the implicit one?

Paul
_______________________________________________
Tech mailing list
Tech@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/