How to block "traceroute" output but allow "ping" ?

From: JZ (jzhang0427a@xxxxxxxxx)
Date: Sun Feb 25 2001 - 18:48:01 GMT-3

Next message: Patrick Murphy: "Re: how to block traeroute ouput but permit ping ..."
Previous message: David Fahed: "ATM simple PVC config"
Next in thread: Ilya Mazhara: "Re: How to block "traceroute" output but allow "ping" ?"
Maybe reply: Ilya Mazhara: "Re: How to block "traceroute" output but allow "ping" ?"
Maybe reply: Luis Santos: "RE: How to block "traceroute" output but allow "ping" ?"
Maybe reply: Priscilla Oppenheimer: "RE: How to block "traceroute" output but allow "ping" ?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi, here is an issue regarding "traceroute" of ICMP:

rL:s0 ------------- s0:rM:S1 --------------s0:rR
| |
tr <rR:s0 ip > "ip acc-grp 100 out"
ping <rR:s0 ip>

Q: apply acl on rM:S1 (out) to block the output of
traceroute from rL to rR, but allow rL ping rR.
All routers have full IP connectivity.

My cfg. on rM: (omitting unrelated part)
  !
  int rM:S1
   ip acc-grp 100 out
  !
  acl# 100 deny ICMP any any EQ Traceroute
  acl# 100 perit ip any any
  !

While verify, from rL using "tr <rR:s0 IP> ", the
traceroute output from both routers -- rM and rR, show up.
Ping works well.

Was anything wrong in cfg. that fails to block the output
from rR ?

Thanks in advance ,

JZ
Sunday

Next message: Patrick Murphy: "Re: how to block traeroute ouput but permit ping ..."
Previous message: David Fahed: "ATM simple PVC config"
Next in thread: Ilya Mazhara: "Re: How to block "traceroute" output but allow "ping" ?"
Maybe reply: Ilya Mazhara: "Re: How to block "traceroute" output but allow "ping" ?"
Maybe reply: Luis Santos: "RE: How to block "traceroute" output but allow "ping" ?"
Maybe reply: Priscilla Oppenheimer: "RE: How to block "traceroute" output but allow "ping" ?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:29:00 GMT-3