03-03-2005 09:48 AM - edited 03-09-2019 10:31 AM
I would like to know where is the best place to implement a blackhole list against spammers.
@ the PIX rules
@ the BGP border router
Thanks,
Dave
03-04-2005 08:35 AM
What type of mail server do you have? I would recommend a dynamic RBL server rather than trying to maintain ACLs on a network device.
I would recommend that you do it on the pix.
1.It is by design meant to be the central point of access control to the outside world.
2.The use of turbo ACLs allows the pix to use very long ACLs very efficiently, with all lookups being done in a hash table in 5 steps.
3. The use an object-group would make the administration simple. Rather than modifying an ACL, you would simply add a new address to the object-group that is already referenced in an ACE.
03-04-2005 09:09 AM
Do you have a URL to a config sample? Does it work with PIX 6.2?
Thanks,
Dave
03-04-2005 10:34 AM
If you're talking about object-groups, the URL below explains their use.
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00800d641d.shtml
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide