You can use PDM (the web-based GUI of Cisco PIX). It looks like the Checkpoint GUI.
You can insert lines between other statements, change NAT definitions,
monitor system resources, etc. It is very useful.
Ozan Akdemir
-Original Message-
From: Sam Sneed [mailto:[EMAIL PROTECTED]]
Sent: Tuesday,
Sam,
I used to copy my list out to notepad and add the new line. Do a 'no
access-list from-internet', then cut and paste the new one back in. Keep in
mind this will briefly leave you with no access list on that interface. Then
re-enter the 'access-group from-internet in interface outside'
Why don't you try removing the line you want it to be below (as well as the
deny ip any any at the end) then put in the new line, the next line(s) and
the deny line?
i.e.
no access-list from-internet permit ip any host 10.10.10.4
no access-list from-internet permit ip any host 10.10.10.5
no
The deny statement is there implicitly, but if you put it in as well, when you
do a show access-list command you will see the statistics of how many times
it was hit.
As far as your suggestion goes, it may not work as well if you have over 100
access-lists and you need to put one in, let's say, 8th
access-lists [7:61033]
Sam,
You can use 2 methods, i.e. CLI-based and GUI-based (PDM).
If you are using PDM, you just insert (add) the rule with it.
CLI based:
1. access-list from-internet2 permit ip any host 10.10.10.1
access-list from-internet2 permit ip any host 10.10.10.2
access-list from-internet2 permit ip any host