[afnog] Help on Access list Evaluation

Mangaliso Jere mangaliso at gmail.com
Mon Jul 17 10:34:03 EAT 2006


Guys

I am experiencing an upsurge of traffic on my network.  At the moment
I am reviewing my access-lists, to see if there are any other rules I can add.

access-list 101 deny   tcp any any eq 135
access-list 101 deny   udp any any eq 135
access-list 101 deny   tcp any any eq 445
access-list 101 deny   udp any any eq 445
access-list 101 deny   tcp any any eq 5554
access-list 101 deny   udp any any eq 5554
access-list 101 deny   tcp any any eq 9996
access-list 101 deny   udp any any eq 9996
access-list 101 deny   tcp any any eq 139
access-list 101 deny   udp any any eq netbios-ss
access-list 101 deny   tcp any any eq 136
access-list 101 deny   udp any any eq 136
access-list 101 deny   tcp any any eq 137
access-list 101 deny   udp any any eq netbios-ns
access-list 101 deny   tcp any any eq 138
access-list 101 deny   udp any any eq netbios-dgm
access-list 101 deny   icmp any any
access-list 101 deny   tcp any any eq smtp
access-list 101 permit ip any any



This is the list I am using for my clients and of course I add some
host routes for individual clients where necessary.




-- 
Mangaliso Jere
Lilongwe
Malawi
(265)- 9 - 953079
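
Added example, not part of the original message: a small Python evaluator that applies the first-match rule to access-list 101 as posted and tallies which entry each flow hits. The sample flows are constructed, and the names `parse_acl`, `evaluate`, `FLOWS`, `RULES` and `HITS` are illustrative.

```python
import re
from collections import Counter
# IOS port keywords that appear in the list below
NAMED = {"netbios-ns": 137, "netbios-dgm": 138, "netbios-ss": 139, "smtp": 25}
RULE_RE = re.compile(r"access-list\s+\d+\s+(permit|deny)\s+(ip|tcp|udp|icmp)\s+any\s+any(?:\s+eq\s+(\S+))?$")
# access-list 101 exactly as posted in the message above
ACL_TEXT = """\
access-list 101 deny   tcp any any eq 135
access-list 101 deny   udp any any eq 135
access-list 101 deny   tcp any any eq 445
access-list 101 deny   udp any any eq 445
access-list 101 deny   tcp any any eq 5554
access-list 101 deny   udp any any eq 5554
access-list 101 deny   tcp any any eq 9996
access-list 101 deny   udp any any eq 9996
access-list 101 deny   tcp any any eq 139
access-list 101 deny   udp any any eq netbios-ss
access-list 101 deny   tcp any any eq 136
access-list 101 deny   udp any any eq 136
access-list 101 deny   tcp any any eq 137
access-list 101 deny   udp any any eq netbios-ns
access-list 101 deny   tcp any any eq 138
access-list 101 deny   udp any any eq netbios-dgm
access-list 101 deny   icmp any any
access-list 101 deny   tcp any any eq smtp
access-list 101 permit ip any any
"""

def parse_acl(text):
    rules = []
    for line in map(str.strip, text.splitlines()):
        m = RULE_RE.match(line)
        if m:
            action, proto, port = m.groups()
            port = (NAMED.get(port) or int(port)) if port else None
            rules.append((action, proto, port, line))
    return rules

def evaluate(rules, proto, dport=None):
    # First matching entry wins; a list with no match ends in an implicit deny.
    for action, rproto, rport, line in rules:
        if rproto in ("ip", proto) and rport in (None, dport):
            return action, line
    return "deny", "(implicit deny)"

FLOWS = [("tcp", 445), ("tcp", 445), ("udp", 137), ("icmp", None), ("tcp", 80)]  # constructed
RULES = parse_acl(ACL_TEXT)
HITS = Counter(evaluate(RULES, p, d)[1] for p, d in FLOWS)
print(*HITS.most_common(), sep="\n")
```

On the router itself, `show access-lists 101` prints a match counter next to each entry, which gives the same per-entry view for live traffic.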


