I deny out traffic:

ip access-group 101 out

I cannot use it as "in" because the inbound request can be either ICMP or UDP,
depending on the version of traceroute. But I'm sure that the answer is in
ICMP, so applying an out filter will permit using it with every traceroute
version.


"Robert Raver" wrote in message news:
[EMAIL PROTECTED]
> Stephane,
>
> How are you applying this?  It should be coming and not going out. ex. ip
> access-group 101 in
>
> Thanks,
> Robert Raver
>
>
> ----- Original Message -----
> From: "Stephane Litkowski"
> To:
> Sent: Tuesday, November 05, 2002 11:21 AM
> Subject: Traceroute blocking on CISCO router [7:56924]
>
>
> > Hi all,
> >
> > how can I prevent a Cisco router from responding to a traceroute (ICMP or UDP)?
> > I tried to apply an access-list out to prevent ICMP from being generated by the
> > router, but it doesn't seem to block anything! Maybe access-lists cannot
> > block local traffic ...
> >
> > access-list 101 deny  icmp any any log
> > access-list 101 permit ip any any
> >
> > I see the packet logged by the ACL, but it is still transmitted (because
> > local?)
> >
> > 00:24:13: %SEC-6-IPACCESSLOGDP: list 101 denied icmp 192.168.1.3 ->
> > 192.168.1.2(0/0), 1 packet
> > 00:24:13: IP: s=192.168.1.3 (local), d=192.168.1.2 (Ethernet0), len 56,
> > sending
> > 00:24:13:     ICMP type=11, code=0
> >
> > Thanks for help
> >
> > Stephane




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=56936&t=56924