02-17-2020 12:32 AM
Hello,
exactly. IP includes all UDP and TCP protocols...
02-17-2020 12:41 AM - edited 02-17-2020 12:42 AM
So let's say, for example, I do:
deny ip host 192.168.1.3 any
Does that mean it will block ICMP, TCP, UDP and others?
Or only TCP and UDP?
02-17-2020 12:54 AM
Hello,
that's right, 'deny ip host 192.168.1.3 any' will block all protocols including ICMP.
02-17-2020 01:00 AM
Wow dude, thanks for answering, that really cleared things up.
02-17-2020 01:09 AM
Hello,
keep in mind that access lists are processed top down, so the order matters. If you want to e.g. allow ICMP, but deny anything else, the access list would be:
permit icmp host 192.168.1.3 any
deny ip host 192.168.1.3 any
02-17-2020 01:32 AM - edited 02-17-2020 01:37 AM
Alright, so is this what you mean? So for example, I want to block SSH access for everyone except one person.
Would this work?
permit tcp host 192.168.1.2 any eq 22
deny tcp any any eq 22
permit ip any any -> I added this because I think there is a deny ip any any at the end by default?
02-17-2020 01:40 AM
Hello,
exactly. Looks like you got the hang of it.
permit tcp host 192.168.1.2 any eq 22
deny tcp any any eq 22
permit ip any any
This allows SSH for just that one host, 192.168.1.2, and denies SSH for all others. It allows everything else for all.
02-17-2020 01:48 AM - edited 02-17-2020 01:49 AM
does the implicit deny at the end block all traffic ?
02-17-2020 03:43 AM
Hello,
if you don't add the last line:
permit ip any any
then indeed, the implicit deny all will block all other traffic that is not explicitly permitted.
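The three points made in this thread (first-match, top-down processing; `ip` matching every IP protocol including ICMP; and the implicit deny when no line matches) can be checked offline with a small evaluator. The following is an added example written for this page, not code from the thread or from Cisco; it assumes a tiny subset of IOS extended-ACL syntax (`permit|deny ip|tcp|udp|icmp`, `any` or `host A.B.C.D` for source and destination, optional `eq PORT`), and the packets and addresses it uses are constructed for illustration. It also includes a `shadowed()` check that flags lines an earlier, broader line makes unreachable, which is the ordering mistake the "permit icmp / deny ip" reply warns about.

```python
"""Toy first-match evaluator for Cisco-style extended ACL lines (added example).

Models three behaviours described in the thread:
  * lines are processed top down and the first match wins;
  * protocol 'ip' matches every IP protocol (tcp, udp, icmp, ...);
  * a packet that matches no line hits the implicit deny.
Grammar supported (an assumption, a small subset of IOS syntax):
    permit|deny  ip|tcp|udp|icmp  (any | host A.B.C.D)  (any | host A.B.C.D)  [eq PORT]
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# (action, proto, src, dst, port); None for src/dst means 'any', None for port means any port
Ace = Tuple[str, str, Optional[str], Optional[str], Optional[int]]


@dataclass(frozen=True)
class Packet:
    proto: str                   # 'tcp', 'udp' or 'icmp'
    src: str
    dst: str
    dport: Optional[int] = None  # destination port, tcp/udp only


def parse_ace(line: str) -> Ace:
    """Parse one access-control entry of the supported grammar."""
    tok = line.split()
    action, proto = tok[0], tok[1]
    if action not in ('permit', 'deny') or proto not in ('ip', 'tcp', 'udp', 'icmp'):
        raise ValueError(f'unsupported ACE: {line!r}')
    i, addrs = 2, []
    for _ in range(2):                      # source, then destination
        if tok[i] == 'any':
            addrs.append(None)
            i += 1
        elif tok[i] == 'host':
            addrs.append(tok[i + 1])
            i += 2
        else:
            raise ValueError(f'unsupported address form in: {line!r}')
    port = None
    if i < len(tok):                        # optional 'eq PORT' trailer
        if tok[i] != 'eq' or proto not in ('tcp', 'udp'):
            raise ValueError(f'unsupported trailer in: {line!r}')
        port = int(tok[i + 1])
    return action, proto, addrs[0], addrs[1], port


def ace_matches(ace: Ace, pkt: Packet) -> bool:
    """Does this single line match the packet?"""
    _, proto, src, dst, port = ace
    if proto != 'ip' and proto != pkt.proto:  # 'ip' covers tcp, udp, icmp, ...
        return False
    if src is not None and src != pkt.src:
        return False
    if dst is not None and dst != pkt.dst:
        return False
    if port is not None and port != pkt.dport:
        return False
    return True


def evaluate(acl: List[str], pkt: Packet) -> Tuple[str, str]:
    """Return (action, matching line). First match wins; no match -> implicit deny."""
    for line in acl:
        ace = parse_ace(line)
        if ace_matches(ace, pkt):
            return ace[0], line
    return 'deny', '<implicit deny ip any any>'


def covers(outer: Ace, inner: Ace) -> bool:
    """True when every packet matching `inner` would already match `outer`."""
    _, oproto, osrc, odst, oport = outer
    _, iproto, isrc, idst, iport = inner
    return ((oproto == 'ip' or oproto == iproto)
            and (osrc is None or osrc == isrc)
            and (odst is None or odst == idst)
            and (oport is None or oport == iport))


def shadowed(acl: List[str]) -> List[str]:
    """Lines that can never match because an earlier line covers them (ordering mistakes)."""
    aces = [parse_ace(line) for line in acl]
    return [acl[j] for j in range(len(aces))
            if any(covers(aces[i], aces[j]) for i in range(j))]


if __name__ == '__main__':
    # The SSH access list from the thread; addresses/ports below are constructed samples.
    ssh_acl = ['permit tcp host 192.168.1.2 any eq 22',
               'deny tcp any any eq 22',
               'permit ip any any']
    print(evaluate(ssh_acl, Packet('tcp', '192.168.1.2', '10.0.0.5', 22)))   # permitted by line 1
    print(evaluate(ssh_acl, Packet('tcp', '192.168.1.9', '10.0.0.5', 22)))   # denied by line 2
    print(evaluate(ssh_acl[:2], Packet('icmp', '192.168.1.9', '10.0.0.5')))  # implicit deny
    print(shadowed(['deny ip host 192.168.1.3 any', 'permit icmp host 192.168.1.3 any']))
```

Running the module prints the decision and the line responsible for it, which is the quickest way to see why dropping the final `permit ip any any` turns every unlisted flow into a deny, and why reversing the `permit icmp` / `deny ip` pair leaves the ICMP line unreachable.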