The explicit deny is not necessary.
If you use outbound on an interface, the default policy is DENY :)
Pietrosanti Fabio I.NET SpA, High Quality Access to the Internet
e-mail: [EMAIL PROTECTED] ( Direzione Tecnica, Gruppo Firewall )
[EMAIL PROTECTED]
PGP Key (DSS) http://naif.itapac.net/naif.asc
Home Page URL: http://www.inet.it
Sede: Via Caldera, 21 20153 Milano
Tel: 02-409061 Fax: 02-40906303
--
Free advertising: www.openbsd.org - Multiplatform Ultra-secure OS
On Wed, 19 Jul 2000 [EMAIL PROTECTED] wrote:
> Hi!
> I want to deny outbound traffic to all external hosts from an internal
> network except some specific ports.
> Is this the way to do it? (Using a PIX Firewall)
>
> outbound 110 permit 0.0.0.0 0.0.0.0 21 tcp
> outbound 110 permit 0.0.0.0 0.0.0.0 80 tcp
> outbound 110 permit 0.0.0.0 0.0.0.0 25 tcp
> outbound 110 permit 0.0.0.0 0.0.0.0 23 tcp
> outbound 110 permit 0.0.0.0 0.0.0.0 53 tcp
> outbound 110 permit 0.0.0.0 0.0.0.0 53 udp
> outbound 110 deny 0.0.0.0 0.0.0.0 1-65535 tcp
> outbound 110 deny 0.0.0.0 0.0.0.0 1-65535 udp
> apply (outside) 110 outgoing_dest
>
> Thanks!
>
> //Jesper
>
> ***************************************************************************
> "What is the most effective Win NT remote management tool?
> A Car."
> ***************************************************************************
>
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]