I am working on an access list for my router and am a real Nervous Nellie about it. I have a mail server with six virtual hosts and a webserver with mail and ftp as well as a hundred virtual domains, all with their own IP addresses within the same Class C.
If I apply:
access-group 102 out
access-list 102 permit tcp host 100.100.100.3 any established
access-list 102 permit icmp host 100.100.100.3 any echo-reply
access-list 102 permit tcp host 100.100.100.3 any eq ftp
access-list 102 permit udp host 100.100.100.3 any eq domain
access-list 102 permit tcp host 100.100.100.3 any eq domain
to the interface for that Class C, assuming the above address to be the primary address of my webserver, will this keep my mail server and the other domains in that Class C from working by implicitly denying these packets from their addresses? If so, is there any benefit to applying these rules to the entire Class C? Do I need to add anything for incoming and outgoing mail?
Thanks!
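
A small model of how the posted list is evaluated, as an added example that is not part of the original post: entries are checked top to bottom, the first match decides, and a packet that matches no entry falls to the implicit deny that ends every IOS access list. The mail server address 100.100.100.4 and the sample packets are constructed, and interface placement and direction are not modelled.

```python
from dataclasses import dataclass

WEB = "100.100.100.3"      # primary web server address, from the post
MAIL = "100.100.100.4"     # constructed address standing in for the mail server

@dataclass(frozen=True)
class Packet:
    proto: str                      # "tcp", "udp" or "icmp"
    src: str                        # source IP address
    dport: int = 0                  # destination port (TCP/UDP only)
    flags: frozenset = frozenset()  # TCP flags set on the segment
    icmp_type: int = -1             # ICMP type (0 = echo-reply)

def from_web(p, proto):
    return p.proto == proto and p.src == WEB

# The five entries of access-list 102, in order, as (text, predicate) pairs.
# "established" matches TCP segments with ACK or RST set.
ACL_102 = [
    ("permit tcp host 100.100.100.3 any established",
     lambda p: from_web(p, "tcp") and bool(p.flags & {"ACK", "RST"})),
    ("permit icmp host 100.100.100.3 any echo-reply",
     lambda p: from_web(p, "icmp") and p.icmp_type == 0),
    ("permit tcp host 100.100.100.3 any eq ftp",
     lambda p: from_web(p, "tcp") and p.dport == 21),
    ("permit udp host 100.100.100.3 any eq domain",
     lambda p: from_web(p, "udp") and p.dport == 53),
    ("permit tcp host 100.100.100.3 any eq domain",
     lambda p: from_web(p, "tcp") and p.dport == 53),
]

def evaluate(packet, acl=ACL_102):
    """First matching entry decides; no match falls to the implicit deny."""
    for text, match in acl:
        if match(packet):
            return "permit", text
    return "deny", "implicit deny"

# Constructed sample packets.
SAMPLES = {
    "web reply to a client": Packet("tcp", WEB, 40000, frozenset({"ACK"})),
    "web server DNS query": Packet("udp", WEB, 53),
    "web server opens SMTP": Packet("tcp", WEB, 25, frozenset({"SYN"})),
    "mail server reply": Packet("tcp", MAIL, 40000, frozenset({"ACK"})),
    "mail server DNS query": Packet("udp", MAIL, 53),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        action, why = evaluate(pkt)
        print(f"{name:24} {action:6} ({why})")
```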