Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1392
Views
0
Helpful
3
Replies

Access Lists to block a range of ports

kevinjames
Level 1
Level 1

‎02-29-2004 08:17 AM - edited ‎03-09-2019 06:35 AM

Is there a way to use an access list to block a range of ports or do I have to put them all in seperately? Also I searched the forum and am suprised this hasnt been mentioned yet, but I am trying to block a user on our network from downloading using a new p2p program or network called bit torrent. If anyone has any info that can help me with that it would be greatly appreciated. Here are some FAQ pages on it:

http://bitconjurer.org/BitTorrent/FAQ.html

http://krypt.dyndns.org:81/torrent/faq.html

Labels:
0 Helpful
3 Replies 3

kevinjames
Level 1
Level 1

‎02-29-2004 08:50 AM

Sorry, I should add that I am trying to do this with a PIX 515.

0 Helpful

ciscoacs
Level 1
Level 1
In response to kevinjames

‎03-01-2004 02:59 AM

it's easy if you use pdm as the access list has the range option as a drop down menu.

otherwise the command line is as follows in this example:

access-list acl_dmz1 deny tcp any host 192.168.1.3 any range 1024 2025 - this will deny all ports 1024-2025.

sam

0 Helpful

laje
Level 1
Level 1

‎03-01-2004 05:37 AM

Try Object grouping

i.e

object-group service tcp|udp|tcp-udp

port-object eq

port-object range

Then reference the in your access-list

i.e for bit torrent

object-group service BitTorrent tcp

port-object range 6881 6999

access-list Inside_in deny tcp any any object-group BitTorrent

Lets know how u get on

Regards

0 Helpful
Customers Also Viewed These Support Documents