05-24-2007 11:21 AM - edited 03-11-2019 03:20 AM
Hello all,
I have an example here. I would like to block access to our mail server from a spammer using an access list. Can anyone tell me if this is correct?
Spammer: 201.86.141.99
Mail Server: 209.24.251.74
Would this be correct?
access-list access_list_name deny tcp 201.86.141.99 255.255.255.255 host 209.24.251.74 eq smtp
Thanks
05-24-2007 11:47 AM
Yes, or just use "host"
access-list access_list_name deny tcp host 201.86.141.99 host 209.24.251.74 eq smtp
access-list access_list_name permit tcp any host 209.24.251.74 eq smtp
access-group access_list_name in interface outside
05-24-2007 12:09 PM
Hi,
Though I'm taking the conversation to a different level, this configuration will not be able to solve the issue if the spammer is using a spoofed IP, or what if the spammer changes the IP?
I would suggest / recommend that it's quite unwise these days NOT to have good anti-spam software, and by the way I have found that TrendMicro is one of the best AV / security suites I have ever come across.
Kind Regards,
Wilson Samuel
05-25-2007 05:59 AM
Hello,
Thanks for the responses. Samuel, I do agree, it will only help to a certain extent temporarily. I would love to get an external spam based firewall setup.
I'm just curious with using access lists.
I can also use this command if I don't want a bad address to get anywhere:
access-list access_list_name deny tcp host 201.86.141.99 any eq smtp
This would be correct, right?
Also, what is the difference if I were to use a subnet mask after the IP? I know on the router you can specify the number of hosts (i.e., 0.0.0.15). Can you do the same on firewalls?
access-list access_list_name deny tcp 201.86.141.99 0.0.0.10 host 209.24.251.74 eq smtp
Would this block all IPs from 201.86.141.99-201.86.141.109?
05-25-2007 06:06 AM
"I can also use this command if I don't want a bad address to get anywhere:
access-list access_list_name deny tcp host 201.86.141.99 any eq smtp"
Yes.
"Also, what is the difference if I were to use a subnet mask after the IP? I know on the router you can specify the number of hosts (i.e., 0.0.0.15). Can you do the same on firewalls?"
You specify the subnet mask in firewalls, not a wildcard.
access-list access_list_name deny tcp 201.86.141.0 255.255.255.0 host 209.24.251.74 eq smtp
This would deny the entire 201.86.141.0 network.
"host 209.24.251.74" is also the same as "209.24.251.74 255.255.255.255"
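The mask-versus-wildcard point above, worked through as an added example (not part of the thread or of Cisco's own tooling). It is a simplified first-match matcher for the thread's ACL; the entry layout, the `MAIL_ACL` list and the helper names are my own assumptions, and it ignores protocol and source-port fields that a real PIX/ASA ACL also evaluates. It also shows why `0.0.0.10` is not a range 99-109 under either interpretation:

```python
import ipaddress


def _i(a: str) -> int:
    """IPv4 dotted-quad to integer."""
    return int(ipaddress.IPv4Address(a))


def matches_pix_mask(addr: str, network: str, mask: str) -> bool:
    """PIX/ASA style: second field is a subnet mask; the 1 bits must match."""
    m = _i(mask)
    return (_i(addr) & m) == (_i(network) & m)


def matches_ios_wildcard(addr: str, network: str, wildcard: str) -> bool:
    """IOS router style: second field is a wildcard; the 0 bits must match."""
    m = ~_i(wildcard) & 0xFFFFFFFF
    return (_i(addr) & m) == (_i(network) & m)


def wildcard_to_mask(wildcard: str) -> str:
    """Convert an IOS wildcard (0.0.0.15) to the PIX/ASA mask form (255.255.255.240)."""
    return str(ipaddress.IPv4Address(~_i(wildcard) & 0xFFFFFFFF))


# Constructed ACL mirroring the thread's two lines. Entry layout (assumed):
# (action, src_net, src_mask, dst_net, dst_mask, dst_port or None).
# "host X" is written as (X, 255.255.255.255); "any" as (0.0.0.0, 0.0.0.0).
MAIL_ACL = [
    ("deny",   "201.86.141.99", "255.255.255.255", "209.24.251.74", "255.255.255.255", 25),
    ("permit", "0.0.0.0",       "0.0.0.0",         "209.24.251.74", "255.255.255.255", 25),
]


def acl_action(acl, src: str, dst: str, dport: int) -> str:
    """First matching entry wins; an ACL ends with an implicit deny."""
    for action, s_net, s_mask, d_net, d_mask, port in acl:
        if (matches_pix_mask(src, s_net, s_mask)
                and matches_pix_mask(dst, d_net, d_mask)
                and port in (None, dport)):
            return action
    return "deny"


if __name__ == "__main__":
    print(acl_action(MAIL_ACL, "201.86.141.99", "209.24.251.74", 25))    # deny
    print(acl_action(MAIL_ACL, "201.86.141.100", "209.24.251.74", 25))   # permit
    # A 0.0.0.10 mask has non-contiguous bits: it misses .105 yet matches 5.5.5.3.
    print(matches_pix_mask("201.86.141.105", "201.86.141.99", "0.0.0.10"))
    print(matches_pix_mask("5.5.5.3", "201.86.141.99", "0.0.0.10"))
```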