Reflexive ACL

From: Nico van Niekerk (nico@vanniekerk.co.za)
Date: Sat Nov 27 2004 - 08:01:33 GMT-3

Next message: John Wong: "Re: Reflexive ACL"
Previous message: Tony Schaffran: "RE: home labs"
Next in thread: John Wong: "Re: Reflexive ACL"
Maybe reply: John Wong: "Re: Reflexive ACL"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi,

Does a reflexive acl stop processing when a match is made?

If so, doesn't ip include tcp as well when matching "ip any any"?

Should the evaluate statement in OUT_FILTER not be before the deny ip any
any?

ip access-list extended IN_FILTER

permit tcp any any reflect MIRROR

ip access-list extended OUT_FILTER

permit tcp any any eq bgp

permit tcp any eq bgp any

permit pim any any

permit icmp any any

deny ip any any

evaluate MIRROR

Strange how you think you understand something only to find out there's a
lot you're not sure about.

Next message: John Wong: "Re: Reflexive ACL"
Previous message: Tony Schaffran: "RE: home labs"
Next in thread: John Wong: "Re: Reflexive ACL"
Maybe reply: John Wong: "Re: Reflexive ACL"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Dec 02 2004 - 06:57:50 GMT-3