Guidance on when to use extended access-lists that cover both directions of a tcp flow (any an eq 2065, any eq 2065 any)

From: Thomas Larus (tlarus@xxxxxxx)
Date: Thu Jun 13 2002 - 13:04:31 GMT-3

• Next message: MADMAN: "Re: Channeling"
• Previous message: Denise Donohue: "RE: Hunt for Peter Rosenthal"
• Next in thread: Nick Shah: "Re: Guidance on when to use extended access-lists that cover both directions of a tcp flow (any an eq 2065, any eq 2065 any)"
• Maybe reply: Nick Shah: "Re: Guidance on when to use extended access-lists that cover both directions of a tcp flow (any an eq 2065, any eq 2065 any)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
I love the feature in custom and priority queuing that permits you to
specify a port number or name and it will catch both directions), but what
about where you have to use an extended access-list to specify your traffic.
Any general rule of thumb about when to specify the port in both directions.
Example.
access-list 165 permit any any eq 2065
access-list 165 permit any eq 2065 any

You can't always be sure who will be initiating the tcp session (unless
someone tells you its a webserver, so all www sessions will be initiated by
surfers. Even then, I can't believe it would always be that simple.

• Next message: MADMAN: "Re: Channeling"
• Previous message: Denise Donohue: "RE: Hunt for Peter Rosenthal"
• Next in thread: Nick Shah: "Re: Guidance on when to use extended access-lists that cover both directions of a tcp flow (any an eq 2065, any eq 2065 any)"
• Maybe reply: Nick Shah: "Re: Guidance on when to use extended access-lists that cover both directions of a tcp flow (any an eq 2065, any eq 2065 any)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Jul 02 2002 - 08:12:32 GMT-3