From: OhioHondo (ohiohondo@columbus.rr.com)
Date: Sat Mar 01 2003 - 02:00:32 GMT-3
xin
I looked at this. I think someone is pulling your chain. (wasting your time)
The 4 lines in the original deny list seem to be the best. You could get it
down to 2 lines fairly easily (you can find the wildcard mask of any 2 IP
nets by doing an exclusive OR on them) but there is no way that I can see to
get your 4 entries down to 1 without, as you noted, letting other nets in.
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
xin tang
Sent: Friday, February 28, 2003 9:01 PM
To: ccielab@groupstudy.com
Subject: Access-list
I saw a question somewhere which requires configuring an
ACL using as few lines as possible to accomplish this:
deny tcp from subnet 102.17.63.0/24
deny tcp from subnet 126.22.61.0/24
deny tcp from subnet 111.22.57.0/24
deny tcp from subnet 125.33.101.0/24
and permit all other ip traffic
The solution is something like
access-list 110 deny tcp 100.0.33.0 27.55.94.255 any
access-list 110 permit ip any any
However, this ACL will block traffic from other subnets as well, for
example, traffic from subnet 103.0.33.0/24 will be blocked.
Any idea on a valid solution?
Thanks.
This archive was generated by hypermail 2.1.4 : Sat Apr 05 2003 - 08:51:30 GMT-3
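An added example, not part of either message in the thread: the wildcard-mask arithmetic discussed above, applied to the four deny subnets, with a count of how many /24 networks the resulting single line actually matches. The function names (summarize, matches) are chosen here for illustration.

```python
import ipaddress
from functools import reduce

# The four subnets from the question (all /24).
DENY_NETS = ["102.17.63.0", "126.22.61.0", "111.22.57.0", "125.33.101.0"]
HOST_BITS_24 = 0xFF        # a /24 leaves the last octet as "don't care"
MASK32 = 0xFFFFFFFF


def to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def to_str(value):
    return str(ipaddress.IPv4Address(value))


def summarize(nets):
    """Return (base, wildcard, matched_24s) for ONE ACL line covering all nets.

    A wildcard bit must be 1 wherever the networks disagree. For two
    networks that is their XOR; for several it is AND-of-all XOR OR-of-all.
    """
    values = [to_int(n) for n in nets]
    all_and = reduce(lambda a, b: a & b, values)
    all_or = reduce(lambda a, b: a | b, values)
    wildcard = (all_and ^ all_or) | HOST_BITS_24
    base = all_and & ~wildcard & MASK32
    # Every "don't care" bit above the host octet doubles the /24s matched.
    free_bits = bin(wildcard >> 8).count("1")
    return to_str(base), to_str(wildcard), 2 ** free_bits


def matches(addr, base, wildcard):
    """True if addr would hit an ACL entry written as 'base wildcard'."""
    care = ~to_int(wildcard) & MASK32
    return (to_int(addr) & care) == (to_int(base) & care)


if __name__ == "__main__":
    base, wildcard, count = summarize(DENY_NETS)
    print(f"access-list 110 deny tcp {base} {wildcard} any")
    print(f"/24 networks matched: {count} (intended: {len(DENY_NETS)})")
    print("103.0.33.0 matched:", matches("103.0.33.0", base, wildcard))
    # Cost of merging just the first two subnets into one line.
    print("first pair:", summarize(DENY_NETS[:2]))
```

Running the same function over any candidate grouping before applying it shows how far a merged entry reaches beyond the subnets it was written for.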