Title: SMTP access list
I think you need to have the 3rd line because if you do not, then all other traffic will be denied.
Elmer,
 
The router applies the first match and neglects the remaining lines.
I.e., in your example, only traffic from the 3 mentioned sources and carrying SMTP will be allowed. Note that the last 2 lines are unnecessary, as the implicit deny any will apply in all cases.
To make it clearer, suppose we have something like:
access-list 176 permit tcp 193.128.233.177 0.0.0.0 any eq smtp log
access-list 176 deny tcp 193.128.233.177 0.0.0.0 any eq smtp
access-list 176 permit ip any any
 
The smtp traffic from the mentioned host will be permitted although it's denied in the second line.
 
I hope this helps.
 
Regards,
Shahir Boshra
Telecommunications Specialist
USAID - Egypt

 
"Deloso, Elmer G." <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...

Hi, all.
Just to verify my understanding of extended access-lists: this continues to parse the entries even after a match has already been found, so if the first few lines have a "permit" and later down the last few lines it encounters a "deny", what does the router do?

Example:
access-list 176 permit tcp 193.128.233.177 0.0.0.0 any eq smtp log
access-list 176 permit tcp 203.23.83.180 0.0.0.0 any eq smtp log
access-list 176 permit tcp 203.35.182.133 0.0.0.0 any eq smtp log
.
.
.
.
access-list 176 deny ip 193.0.0.0 0.255.255.255 any log
access-list 176 deny ip 203.0.0.0 0.255.255.255 any log

Any help would be greatly appreciated.

Elmer Deloso
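
The first-match rule and the implicit deny discussed in this thread, as an added example that is not part of any poster's message: a small Python model of extended ACL evaluation run over the ACL 176 lines quoted above. The destination address and function names are assumptions made for the illustration, the entries elided with dots in the question are left out, and only the `any`, `host`, address-plus-wildcard and `eq` forms are modeled.

```python
import ipaddress

PORTS = {"smtp": 25}  # the only port keyword used in the thread

def ip_int(a):
    return int(ipaddress.IPv4Address(a))

def parse_addr(tok, i):
    """Parse 'any', 'host A' or 'A WILDCARD' at tok[i]; return (addr, wildcard), next index."""
    if tok[i] == "any":
        return (0, 0xFFFFFFFF), i + 1
    if tok[i] == "host":
        return (ip_int(tok[i + 1]), 0), i + 2
    return (ip_int(tok[i]), ip_int(tok[i + 1])), i + 2

def parse_ace(line):
    """Split 'access-list N action proto src dst [eq port] [log]' into fields."""
    tok = line.split()
    src, i = parse_addr(tok, 4)
    dst, i = parse_addr(tok, i)
    port = None
    if i < len(tok) and tok[i] == "eq":
        port = PORTS[tok[i + 1]] if tok[i + 1] in PORTS else int(tok[i + 1])
    return tok[2], tok[3], src, dst, port

def addr_match(ip, addr, wild):
    care = ~wild & 0xFFFFFFFF  # wildcard bits set to 1 are "don't care"
    return (ip_int(ip) & care) == (addr & care)

def evaluate(acl, proto, src, dst, dport=None):
    """Return (action, entry number) of the first match; ('deny', None) is the implicit deny."""
    for n, line in enumerate(acl, 1):
        action, p, s, d, port = parse_ace(line)
        if (p in ("ip", proto) and addr_match(src, *s) and addr_match(dst, *d)
                and port in (None, dport)):
            return action, n  # first match wins; later entries are never consulted
    return "deny", None

# ACL lines copied from the thread; entries elided with dots in the question are omitted.
REPLY_ACL = [
    "access-list 176 permit tcp 193.128.233.177 0.0.0.0 any eq smtp log",
    "access-list 176 deny tcp 193.128.233.177 0.0.0.0 any eq smtp",
    "access-list 176 permit ip any any"]
QUESTION_ACL = REPLY_ACL[:1] + [
    "access-list 176 permit tcp 203.23.83.180 0.0.0.0 any eq smtp log",
    "access-list 176 permit tcp 203.35.182.133 0.0.0.0 any eq smtp log",
    "access-list 176 deny ip 193.0.0.0 0.255.255.255 any log",
    "access-list 176 deny ip 203.0.0.0 0.255.255.255 any log"]
DST = "192.0.2.25"  # constructed destination (documentation range)
```

Calling `evaluate(QUESTION_ACL, "tcp", "193.128.233.177", DST, 25)` returns `("permit", 1)`, while the same host on port 80 falls through to the explicit deny at entry 4, and a source outside all listed ranges gets `("deny", None)` from the implicit deny.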
