Great Circle Associates Firewalls
(April 1996)
 


Subject: Re: Filtering by Source Port
From: scott @ zorch . sf-bay . org (Scott Hazen Mueller)
Organization: At Home; Salida, CA
Date: Tue, 23 Apr 1996 14:01:04 GMT
Apparently-to: firewalls @ greatcircle . com
Distribution: zorch
Newsgroups: zorch.lists.firewalls
References: <199604221540 . IAA21891 @ dfw-ix7 . ix . netcom . com>
Reply-to: scott @ zorch . sf-bay . org

>>ps. When I talked to Cisco Tech Support they couldn't understand why anyone
>>would even want to filter by source port.

>I don't understand why you would want to filter by source port either.  

Given x.y.z.0 as your internal network:

access-list 101 permit tcp any eq ftp-data x.y.z.0 gt 1023

It's sure not perfect, but if you don't have an active gateway, it's a tiny
bit better than just allowing random TCP connections to internal high ports.

-- 
Scott Hazen Mueller | scott @ zorch . SF-Bay . ORG or tandem!zorch!scott
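
The following is an added example, not part of the original post: a stateless evaluation of the posted access-list 101 line beside a plain "any TCP to internal high ports" rule, run over constructed packets. It assumes x.y.z.0 is a /24 (192.0.2.0/24 stands in for it); the function and sample names are hypothetical.

```python
import ipaddress
from typing import NamedTuple

# Assumption: x.y.z.0 is a /24; the documentation range 192.0.2.0/24 stands in for it.
INTERNAL = ipaddress.ip_network("192.0.2.0/24")
FTP_DATA = 20  # the port IOS calls "ftp-data"

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

def to_internal_high_port(p: Packet) -> bool:
    """Comparison rule: permit tcp any <internal> gt 1023."""
    return ipaddress.ip_address(p.dst) in INTERNAL and p.dport > 1023

def acl_101_permits(p: Packet) -> bool:
    """The posted rule: permit tcp any eq ftp-data <internal> gt 1023."""
    return p.sport == FTP_DATA and to_internal_high_port(p)

# Constructed sample packets (TCP, inbound); all addresses are documentation ranges.
SAMPLES = {
    "ftp data channel":        Packet("198.51.100.10", 20, "192.0.2.5", 1044),
    "other source port":       Packet("198.51.100.10", 40000, "192.0.2.5", 6000),
    "port 20 to low port":     Packet("198.51.100.10", 20, "192.0.2.5", 23),
    "port 20 to high service": Packet("198.51.100.10", 20, "192.0.2.5", 6000),
    "port 20, not internal":   Packet("198.51.100.10", 20, "203.0.113.9", 2000),
}

def compare(samples=SAMPLES):
    """Return {name: (posted rule verdict, high-ports-only verdict)}."""
    return {n: (acl_101_permits(p), to_internal_high_port(p)) for n, p in samples.items()}

if __name__ == "__main__":
    for name, (with_sport, without) in compare().items():
        print(f"{name:24} acl101={with_sport!s:5} any-high-port={without}")
```

The source-port match removes the "other source port" case that the plain high-port rule lets through, while "port 20 to high service" still passes because a stateless filter only sees the source port the sender chose.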


