If I am thinking of this correctly and thinking from the point of view of the packet, traffic that leaves my PC leaves with a random source port to a well-known (most of the time) port such as port 80. So I think that the "eq 80" needs to go after the second "any" to signify destination port of 80 as such:

access-list 100 permit tcp any any eq 80

Thanks,

Mario Puras
SoluNet Technical Support
Mailto: [EMAIL PROTECTED]
Direct: (321) 309-1410
888.449.5766 (USA) / 888.SOLUNET (Canada)

-----Original Message-----
From: Sabertech Cisco Training [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 30, 2002 4:16 PM
To: [EMAIL PROTECTED]
Subject: RE: Cisco 1700 Access List [7:59975]

To allow out only traffic sourced from TCP port 80:

!
access-list 100 permit tcp any eq 80 any
!
interface serial 0
 ip access-group 100 out
!

That's how you would do it, but it's extremely unusual to suppress traffic based on source ports...

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of James Gruggett
Sent: Monday, December 30, 2002 12:27 PM
To: [EMAIL PROTECTED]
Subject: Cisco 1700 Access List [7:59975]

Hi Everyone,

I have a 1700 Cisco router connected to a T1. I would like to lock it down and only allow port 80 to transmit data for security purposes. Any suggestions would be great.

Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59988&t=59975
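
Added example, not part of the original thread: a small Python model of how the position of "eq 80" in the two access-list lines above selects the source or the destination port, run against constructed sample packets. The names Ace, parse_ace and evaluate are hypothetical, and the model covers only "tcp any [eq N] any [eq N]" entries, not the full IOS syntax.

```python
from typing import List, NamedTuple, Optional

class Ace(NamedTuple):
    action: str               # "permit" or "deny"
    src_port: Optional[int]   # None means any source port
    dst_port: Optional[int]   # None means any destination port

def parse_ace(line: str) -> Ace:
    """Parse 'access-list N permit|deny tcp any [eq P] any [eq P]' (simplified subset)."""
    tok = line.split()
    if len(tok) < 6 or tok[0] != "access-list" or tok[3] != "tcp":
        raise ValueError("unsupported entry: " + line)
    action, rest = tok[2], tok[4:]
    ports = []
    for _ in range(2):                    # first the source spec, then the destination spec
        if not rest or rest.pop(0) != "any":
            raise ValueError("only 'any' addresses are modelled")
        port = None
        if rest[:1] == ["eq"]:            # an 'eq' binds to the address just before it
            if len(rest) < 2:
                raise ValueError("'eq' without a port number")
            port, rest = int(rest[1]), rest[2:]
        ports.append(port)
    if rest:
        raise ValueError("unexpected trailing tokens: " + " ".join(rest))
    return Ace(action, ports[0], ports[1])

def evaluate(acl: List[Ace], src_port: int, dst_port: int) -> str:
    """First matching entry wins; anything unmatched hits the implicit deny."""
    for ace in acl:
        if ace.src_port in (None, src_port) and ace.dst_port in (None, dst_port):
            return ace.action
    return "deny"

# The two forms discussed in the thread.
SOURCE_FORM = [parse_ace("access-list 100 permit tcp any eq 80 any")]
DEST_FORM = [parse_ace("access-list 100 permit tcp any any eq 80")]

# Constructed sample packets: (description, source port, destination port).
PACKETS = [
    ("browser request to a web server", 49152, 80),
    ("web server reply to a browser", 80, 49152),
    ("SSH session to a remote host", 49153, 22),
]

if __name__ == "__main__":
    for desc, sport, dport in PACKETS:
        print(f"{desc:34} eq-after-source={evaluate(SOURCE_FORM, sport, dport):6} "
              f"eq-after-destination={evaluate(DEST_FORM, sport, dport)}")
```
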