Conventional wisdom says that its best to deny everything, the only
permit services that you wish. If you reverse the thought process
(deny specifics, permit everything else), chances are that you'll
leave gaping holes.
- paul
At 02:48 PM 8/29/96 +0100, Hadi Al-Ali wrote:
>
>Hi,
>
>I have an ACC danube router connected via ISP to Internet.
>
>I need to improve its filtering table to do something as follows:
>
>
>1-deny everything from Incoming
>2-allow mail from Incoming
>3-allow telnet from Incoming
>4-allow everything - Outgoing
>
>Do I need to put step 1 last , ie allow everything that I am interested in then
>deny the rest ?
>
>Anyone with a ready made ip filter table?
>
>Much appreciated.
>
>Hadi
>
>------------------------------------------Email: hadi @
lscope .
co .
uk-------------
>Anything that, in happening, causes itself to happen again, happens again!
>(Mostly Harmless - Douglas Adams) - Do.:% @
!^=/[]
>------------------------------------------Direct Line +44 (0) 171 880 5993-----
--
Paul Ferguson || ||
Consulting Engineering || ||
Reston, Virginia USA |||| ||||
tel: +1.703.716.9538 ..:||||||:..:||||||:..
e-mail: pferguso @
cisco .
com c i s c o S y s t e m s
|
|
