Methods to block port in pix

haseeb_eng · ‎04-30-2003

I want to block some multimedia ports of some specific users on pix firewall . can you please tell me the methods and commands used in it . Your help will be highly appreciated in it .

vikrantarora · ‎05-01-2003

You have to write an access list and then apply it to an interface. In the configuration shown below, replace 9999 with the multimedia port number you want to block.

The following access-list would block tcp port number 9999 for the

204.14.253.0 255.255.255.0 subnet. I am giving the name acl_in to the access list.

access-list acl_in deny tcp 204.14.253.0 255.255.255.0 any eq 9999

The kewyword 'any' means anywhere on the internet.

If you want to block only for specific hosts (let's say 204.142.253.55), you can write the access-list with the keyword 'host' as shown

access-list acl_in deny tcp host 204.14.253.55 any eq 9999

You can write multiple access-lists for multiple hosts.

In order to apply the access lists to the interface named inside, use:

access-group acl_in in interface inside

'in' is a keyword meaning inbound traffic.

hope that helps!

vik

haseeb_eng · ‎05-03-2003

thanks for the information , and for multimedia applications do i need to modify changes in fixup protocol commands like fixup protocol h323 1720

gfullage · ‎05-04-2003

You shouldn't need to touch the fixups if you want to just block specific ports.