01-19-2004 05:29 AM - edited 03-09-2019 06:10 AM
I want to block an internal host from downloading and accessing all traffic from the internet.
01-19-2004 07:15 AM
Conduits are for outside - inside.
Time to start learning about access control lists. You can bind ACLs to the inside interface:
access-list insideout deny tcp host host.ip.addr.here any eq 80
access-list insideout permit ip any any
access-group insideout in interface inside
that should do it
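Added example, not part of the original thread: a small Python model of first-match ACL evaluation. It compares the entries posted above, which match only TCP port 80, with a variant that denies all IP traffic from the host, as the original question asks. The address 10.1.1.50, the `deny ip host` variant and the sample flows are assumptions constructed for illustration.

```python
# Added example: first-match evaluation of an ACL bound inbound on the inside interface.
# 10.1.1.50 is a constructed stand-in for the thread's host.ip.addr.here.
BLOCKED = "10.1.1.50"

# Each entry: (action, protocol, source host, destination port); None means "any".
# Mirrors the two access-list lines posted in the thread.
POSTED_ACL = [
    ("deny", "tcp", BLOCKED, 80),
    ("permit", "ip", None, None),
]

# Assumed variant: access-list insideout deny ip host 10.1.1.50 any
BLOCK_ALL_ACL = [
    ("deny", "ip", BLOCKED, None),
    ("permit", "ip", None, None),
]

def evaluate(acl, proto, src, dport):
    """Return the action of the first matching entry; implicit deny if none match."""
    for action, a_proto, a_src, a_port in acl:
        if a_proto != "ip" and a_proto != proto:
            continue  # "ip" matches every protocol; otherwise protocols must agree
        if a_src is not None and a_src != src:
            continue
        if a_port is not None and a_port != dport:
            continue
        return action
    return "deny"

# Constructed sample flows entering the inside interface: (protocol, source, dest port)
FLOWS = [
    ("tcp", BLOCKED, 80),       # HTTP from the blocked host
    ("tcp", BLOCKED, 443),      # HTTPS from the blocked host
    ("udp", BLOCKED, 53),       # DNS from the blocked host
    ("tcp", "10.1.1.20", 80),   # HTTP from another inside host
]

def verdicts(acl):
    """Evaluate every sample flow against the ACL, in order."""
    return [evaluate(acl, *flow) for flow in FLOWS]

if __name__ == "__main__":
    for name, acl in (("posted", POSTED_ACL), ("block-all", BLOCK_ALL_ACL)):
        for flow, action in zip(FLOWS, verdicts(acl)):
            print(f"{name:9} {flow} -> {action}")
```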
01-19-2004 07:58 AM
Thanks for your response. Unfortunately, our firewall is still using conduits.
Could you please help me with denying a host on the inside from getting out.
01-19-2004 08:29 AM
Actually, conduits work for permitting or denying traffic both inbound and outbound. Give this a shot and see if it helps:
conduit deny ip any host
Scott
01-19-2004 12:56 PM
Hi Graig,
Just a useful tip here:
Why don't you take a look at Cisco's Output Interpreter (available on CCO)? This tool provides an easy way for migrating your conduit config into access-list config.
Although conduits work fine, Cisco has announced that future versions will not support them anymore (I think from version 7 and higher conduits will not be supported anymore).
So, maybe my post is a bit off topic, but I would really advise you to consider changing into access-lists (like the other guy mentioned before).
Kind regards,
Leo