Cisco 2501s can do source port; try this command:
access-list 101 permit tcp any eq ?
You'll see it says source port is the next thing you should type.
----------
From: Mr. Jeremy Hall [SMTP:jhall@rex.isdn.net]
Sent: Thursday, April 18, 1996 1:22 AM
To: BARACCUS@aol.com
Cc: firewalls@greatcircle.com
Subject: Re: Filtering by Source Port
Hi,
The only way I could see filtering on source port is on an outbound
access-list. For example, let us assume that in IOS 10.3 and greater, we
have access-list 101 applied inward and access-list 102 applied outward.
router(config)# interface ethernet0
router(config-if)# ip access-group 101 in
router(config-if)# ip access-group 102 out
Assuming you only wanted to allow telnets to a host and no other traffic
whatsoever.
access-list 101 permit tcp any host telnethost eq 23
access-list 101 deny ip any any log
access-list 102 permit tcp host telnethost eq 23 any
access-list 102 deny ip any any log
-->
-->In Brent's book Building Internet Firewalls it says that the ability to
-->filter by source port is very important. We have a Cisco 2501 which I just
-->found out can't filter by source port. If Cisco routers can't do source port
-->filtering then what routers can????
-->
-->Thanks,
-->Kevin
-->
-->ps. When I talked to Cisco Tech Support they couldn't understand why anyone
-->would even want to filter by source port.
-->
--
-------------------------------------------
| Jeremy Hall Chief Network Engineer |
| P.O. box A266 MTSU +1-615-898-3090 |
| Murfreesboro, TN 37132 +1-615-893-3984 |
| jhall@isdn.net Pager +1-615-702-0750 |
-------------------------------------------
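
Added example (not part of the original messages and not Cisco code): a simplified Python model of first-match extended ACL evaluation, showing that `eq 23` placed after the source address matches the source port, while the same token after the destination address matches the destination port. The entries use `tcp` because IOS accepts port operators only with tcp or udp; `client1` and port 1025 are constructed sample values.

```python
# Simplified model of IOS extended ACL matching (added example, not Cisco code).
# Subset: permit|deny, tcp|udp|ip, "any" or "host X", optional "eq N", optional "log".

def parse_ace(line):
    tok = line.split()
    ace = {"action": tok[2], "proto": tok[3]}
    i = 4
    for side in ("src", "dst"):
        if tok[i] == "any":
            ace[side], i = None, i + 1
        else:  # "host X"
            ace[side], i = tok[i + 1], i + 2
        # "eq N" directly after an address binds to that address's port.
        if i < len(tok) and tok[i] == "eq":
            if ace["proto"] not in ("tcp", "udp"):
                raise ValueError("port match needs tcp or udp: " + line)
            ace[side + "_port"], i = int(tok[i + 1]), i + 2
        else:
            ace[side + "_port"] = None
    return ace

def evaluate(acl_lines, pkt):
    """Action of the first matching entry; implicit deny if none match."""
    for ace in map(parse_ace, acl_lines):
        if ace["proto"] not in ("ip", pkt["proto"]):
            continue
        if all(ace[k] is None or ace[k] == pkt[k]
               for k in ("src", "dst", "src_port", "dst_port")):
            return ace["action"]
    return "deny"

ACL_101 = ["access-list 101 permit tcp any host telnethost eq 23",
           "access-list 101 deny ip any any log"]
ACL_102 = ["access-list 102 permit tcp host telnethost eq 23 any",
           "access-list 102 deny ip any any log"]
# Same rule with "eq 23" moved after the destination: now a destination-port match.
ACL_102_MISPLACED = ["access-list 102 permit tcp host telnethost any eq 23",
                     "access-list 102 deny ip any any log"]

def pkt(src, sport, dst, dport, proto="tcp"):
    return {"proto": proto, "src": src, "src_port": sport, "dst": dst, "dst_port": dport}

# Constructed packets: "client1" and port 1025 are made-up sample values.
REQUEST = pkt("client1", 1025, "telnethost", 23)
REPLY = pkt("telnethost", 23, "client1", 1025)

if __name__ == "__main__":
    print("101 request:", evaluate(ACL_101, REQUEST))
    print("102 reply:", evaluate(ACL_102, REPLY))
    print("102 misplaced reply:", evaluate(ACL_102_MISPLACED, REPLY))
```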