I am testing outbound access-lists to apply to our PIX and have run into
a small problem.
The test list is as follows:
outbound 10 deny 0.0.0.0 0.0.0.0 0 0
outbound 10 except 0.0.0.0 0.0.0.0 7 tcp
outbound 10 except 0.0.0.0 0.0.0.0 7 udp
outbound 10 except 0.0.0.0 0.0.0.0 20 tcp
outbound 10 except 0.0.0.0 0.0.0.0 21 tcp
outbound 10 except 0.0.0.0 0.0.0.0 23 tcp
outbound 10 except 0.0.0.0 0.0.0.0 25 tcp
outbound 10 except 0.0.0.0 0.0.0.0 25 udp
outbound 10 except 0.0.0.0 0.0.0.0 53 udp
outbound 10 except 0.0.0.0 0.0.0.0 80 tcp
applied with:
apply (inside) 10 outgoing_src
I also have a conduit allowing icmp:
conduit permit icmp any any
The intent is to deny all outbound traffic _except_ those ports stated
above, with a destination of "anywhere". When I apply the list it blocks
PING attempts from the inside to the outside. When I remove the apply
statement it works fine. Is there something that I am leaving out with
my except statements? We are using version 4.3(2).
Thanks,
Warwick