Yes, indeed. Filters on Cisco routers are interface-specific.
A collection of filtering statements is defined as an "access-list",
which can then be applied to one or more interfaces. Distinct interfaces
on a given router can be configured with distinct access lists.
Note that these access lists affect outgoing (as opposed to incoming)
traffic on the interfaces they are applied upon.
Roland Acra
Cisco Systems Europe
acra @
cisco .
com
>
> Darren Reed wrote:
> ...
> > To reduce both the size of filter rulesets as well as increasing
> > throughput of non-filtered traffic, it would seem better to be able
> > to setup a different filter rule set for each interface connected to
> > the host. Are there any working packet filters which are able to
> > operate in this way or does anyone know of any texts which discuss
> > this ? With this approach, you could more easily block packets from
> > outside which were trying to be internal hosts.
>
> Is't that the method the CISCO routers use?
>
> afx
> --
> Andreas Siegert / Postmaster IBM Deutschland GmbH | Never grep a yacc
> AIX Field Support Center Pocci Strasse 11 | by the i-node!
> Internet: afx @
ibm .
de D-8000 Muenchen 2 | Opinions are my own,
> VNET: SIEGERT @
MUNIVM4 Voice: (49)-(89)-7670-509 not IBM's.
>
References:
|
|
