Perhaps you are thinking of standard IOS ACL rules, specifically reflexive ACLs? Or maybe the "established" keyword on standard ACLs that looks for an ACK flag?
On Thu, Oct 9, 2014 at 4:23 PM, Roland Dobbins <rdobb...@arbor.net> wrote: > > On Oct 10, 2014, at 2:56 AM, Pete Lumbis <alum...@gmail.com> wrote: > > > Existing connections skip the ACL check. > > Is there a knob/stanza for this? If so, is 'permit established' the > default? > > ---------------------------------------------------------------------- > Roland Dobbins <rdobb...@arbor.net> // <http://www.arbornetworks.com> > > Equo ne credite, Teucri. > > -- Laocoön > > > _______________________________________________ > cisco-nsp mailing list cisco-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ > _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/