04-30-2003 10:48 PM - edited 02-20-2020 10:42 PM
I want to block some multimedia ports for some specific users on a PIX firewall. Can you please tell me the methods and commands used for it? Your help will be highly appreciated.
05-01-2003 05:14 AM
You have to write an access list and then apply it to an interface. In the configuration shown below, replace 9999 with the multimedia port number you want to block.
The following access-list would block tcp port number 9999 for the 204.14.253.0 255.255.255.0 subnet. I am giving the name acl_in to the access list.
access-list acl_in deny tcp 204.14.253.0 255.255.255.0 any eq 9999
The keyword 'any' means anywhere on the internet.
If you want to block only for specific hosts (let's say 204.142.253.55), you can write the access-list with the keyword 'host' as shown:
access-list acl_in deny tcp host 204.14.253.55 any eq 9999
You can write multiple access-lists for multiple hosts.
In order to apply the access lists to the interface named inside, use:
access-group acl_in in interface inside
'in' is a keyword meaning inbound traffic.
Hope that helps!
vik
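An added example, not part of the post above or of any Cisco tooling: a small Python model of first-match ACL evaluation, run over the two entries from the answer. A PIX access list ends with an implicit deny, so the model shows what happens to other inside traffic once acl_in is applied, and the effect of a trailing `permit ip any any` entry (an assumption about the desired policy). The destination 198.51.100.10 is a constructed sample address.

```python
import ipaddress

def _addr(tok):
    """Consume 'any', 'host A.B.C.D' or 'NET MASK' (PIX ACLs use subnet masks)."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    return ipaddress.ip_network(f"{tok[0]}/{tok[1]}"), tok[2:]

def parse_acl(lines):
    """Parse 'access-list NAME permit|deny PROTO SRC DST [eq PORT]' lines."""
    rules = []
    for line in lines:
        tok = line.split()
        action, proto, rest = tok[2], tok[3], tok[4:]
        src, rest = _addr(rest)
        dst, rest = _addr(rest)
        port = int(rest[1]) if rest[:1] == ["eq"] else None
        rules.append((action, proto, src, dst, port))
    return rules

def evaluate(rules, proto, src, dst, dport):
    """First matching entry wins; no match falls through to the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, r_proto, r_src, r_dst, r_port in rules:
        if r_proto not in ("ip", proto):
            continue  # a tcp entry never matches udp traffic
        if s in r_src and d in r_dst and r_port in (None, dport):
            return action
    return "deny (implicit)"

# The two entries exactly as posted in the thread
POSTED = [
    "access-list acl_in deny tcp 204.14.253.0 255.255.255.0 any eq 9999",
    "access-list acl_in deny tcp host 204.14.253.55 any eq 9999",
]
# Assumption: all other traffic from inside should keep flowing
WITH_PERMIT = POSTED + ["access-list acl_in permit ip any any"]

if __name__ == "__main__":
    for name, acl in (("posted", POSTED), ("with permit", WITH_PERMIT)):
        rules = parse_acl(acl)
        for proto, port in (("tcp", 9999), ("tcp", 80), ("udp", 9999)):
            verdict = evaluate(rules, proto, "204.14.253.55", "198.51.100.10", port)
            print(f"{name:12} {proto}/{port:<5} -> {verdict}")
```

The udp/9999 case is included because the posted entries match tcp only; a multimedia application that uses UDP on the same port needs its own deny entry.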
05-03-2003 01:13 AM
Thanks for the information. For multimedia applications, do I need to make changes to the fixup protocol commands, like fixup protocol h323 1720?
05-04-2003 09:47 PM
You shouldn't need to touch the fixups if you want to just block specific ports.