Re: acl: denying pings

From: Jason Gardiner (gardiner@xxxxxxxxxx)
Date: Fri Aug 10 2001 - 20:07:42 GMT-3


   
I think the specific line is dependent on whether the access-list is
applied inbound or outbound.

Thanks,

Jason Gardiner
Supervisor, Engineering Services
Sprint E|Solutions

"You can swim all day in the Sea of Knowledge and
still come out completely dry. Most people do."

- Norton Juster

On Fri, 10 Aug 2001, Daniel C. Young wrote:

> Folks,
>
> Pings require both icmp type echo and echo-reply. If you want to deny pings,
> would it make sense simply to deny echos only? The reason being that if
> echos (requests) are never allowed, you will not even have any echo replies.
> I know that lab proctors are in search of the shortest ACL possible. They will
> burn you at the stake if you don't come up with it.
>
> Consider:
> acc 100 deny icmp any any echo
> acc 100 deny icmp any any echo-reply <-- Is this even necessary?
> acc 100 perm ip any any
>
> What do you guys think?
>
> Daniel C. Young
> Sr. Network Engineer
> (909) 221-1928 Direct
> dan.young@sbc.com
>
> SBC Internet Data Center
> 2681 Kelvin Ave.
> Irvine, CA 92614
> (949) 221-1900 Main
> (949) 221-1978 Fax
> **Please read:http://www.groupstudy.com/list/posting.html


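The direction question raised in the reply above, worked through as an added example that is not part of either post: a simplified first-match model of the two candidate ACLs on one interface, for transit pings only. The names (ECHO_ONLY, ECHO_AND_REPLY, ping_succeeds, "far"/"near") are hypothetical, and because every entry is "any any" only protocol and ICMP type are matched.

```python
# Added illustration: first-match evaluation of the two candidate ACLs from the
# thread on one router interface. Simplified model: all entries are "any any",
# so only protocol and ICMP type are matched. All names here are hypothetical.

ECHO_ONLY = [("deny", "icmp", "echo"), ("permit", "ip", None)]
ECHO_AND_REPLY = [("deny", "icmp", "echo"),
                  ("deny", "icmp", "echo-reply"),
                  ("permit", "ip", None)]

def acl_permits(acl, proto, icmp_type=None):
    """Return True if the first matching entry permits the packet."""
    for action, ace_proto, ace_type in acl:
        proto_match = ace_proto == "ip" or ace_proto == proto
        type_match = ace_type is None or ace_type == icmp_type
        if proto_match and type_match:
            return action == "permit"
    return False  # implicit deny at the end of every ACL

def ping_succeeds(acl, applied, initiator_side):
    """Does a transit ping through the interface complete?

    applied: "in" or "out", the direction the ACL is applied on the interface.
    initiator_side: "far" if the pinging host sits beyond the interface
    (its echo arrives inbound), "near" if it is behind the router (its echo
    leaves outbound and the echo-reply comes back inbound).
    """
    echo_dir = "in" if initiator_side == "far" else "out"
    reply_dir = "out" if echo_dir == "in" else "in"
    for icmp_type, direction in (("echo", echo_dir), ("echo-reply", reply_dir)):
        # Only packets crossing in the applied direction are checked.
        if direction == applied and not acl_permits(acl, "icmp", icmp_type):
            return False
    return True

def summary(acl):
    """Map (applied, initiator_side) -> ping succeeds, for all four cases."""
    return {(a, s): ping_succeeds(acl, a, s)
            for a in ("in", "out") for s in ("far", "near")}

if __name__ == "__main__":
    for name, acl in (("echo only", ECHO_ONLY),
                      ("echo + echo-reply", ECHO_AND_REPLY)):
        print(name, summary(acl))
```

With only the echo line, pings are blocked for hosts whose requests cross the interface in the applied direction, while pings started from the other side still complete because their replies match no deny entry.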
