Great Circle Associates Firewalls
(July 1995)
 


Subject: Re: Changing a (cisco) firewall setup.
From: Greg Nenych <gnenych @ ncrcan . canada . ATTGIS . COM>
Date: Wed, 19 Jul 95 9:41:49 EDT
To: firewalls @ greatcircle . com
In-reply-to: <9507181950 . AA25794 @ wellspring . us . dg . com>; from "Jim Carroll" at Jul 18, 95 3:49 pm
Reply-to: greg . nenych @ Canada . ATTGIS . COM

Jim Carroll writes:
> Rumour has it that on 18 Jul 95 at 10:45, Tony Li said:
> > Why hurt yourself in this way when there's a perfectly reasonable way
> > of doing the same thing without downtime?
> 
> The definition of "reasonable" becomes somewhat stretched when 
> there's no way (to my knowledge) of correcting typos or changing rule 
> order, short of retyping from scratch.

I think there's some confusion here about this point.  Let's say that
you have a setup something like

	access-list 101 whatever...
	interface ethernet 0
	ip access-group 101

and you want to change the access list in a secure manner.  To do this,
create a new access list, verify that you typed it in correctly, and then
apply it to the interface.

	access-list 102 whatever...
	interface ethernet 0
	ip access-group 102

- Greg
-- 
Greg Nenych   <greg . nenych @ canada . attgis . com>
AT&T Global Information Solutions Canada Ltd.
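
The "verify that you typed it in correctly" step in the message above can be checked mechanically before the `ip access-group` line is changed. The following is an added example, not part of the original message: a Python script that diffs the staged list against the live one, ignoring the list number but respecting rule order. The sample configuration, its addresses and the function names are constructed for illustration.

```python
import difflib
import re

# Constructed sample config (not from the original post): list 101 is live,
# list 102 is the staged replacement with one rule inserted in the middle.
SAMPLE_CONFIG = """\
access-list 101 permit tcp any host 192.0.2.10 eq 25
access-list 101 permit tcp any host 192.0.2.10 eq 80
access-list 101 deny ip any any
access-list 102 permit tcp any host 192.0.2.10 eq 25
access-list 102 permit tcp any host 192.0.2.11 eq 53
access-list 102 permit tcp any host 192.0.2.10 eq 80
access-list 102 deny ip any any
interface ethernet 0
 ip access-group 101
"""

ACL_LINE = re.compile(r"^access-list\s+(\d+)\s+(.*\S)\s*$")

def acl_entries(config, number):
    """Return the ordered rule bodies of one numbered access list."""
    entries = []
    for line in config.splitlines():
        m = ACL_LINE.match(line.strip())
        if m and int(m.group(1)) == number:
            entries.append(" ".join(m.group(2).split()))  # collapse whitespace
    return entries

def compare_acls(config, live, staged):
    """Diff staged against live as (sign, position, rule); order matters."""
    old, new = acl_entries(config, live), acl_entries(config, staged)
    if not new:
        raise ValueError(f"access-list {staged} is empty or missing")
    changes = []
    matcher = difflib.SequenceMatcher(a=old, b=new, autojunk=False)
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag in ("delete", "replace"):
            changes += [("-", i + 1, old[i]) for i in range(i1, i2)]
        if tag in ("insert", "replace"):
            changes += [("+", j + 1, new[j]) for j in range(j1, j2)]
    return changes

def applied_lists(config):
    """List numbers currently referenced by 'ip access-group' lines."""
    return [int(n) for n in re.findall(r"^\s*ip access-group\s+(\d+)", config, re.M)]

if __name__ == "__main__":
    for sign, pos, rule in compare_acls(SAMPLE_CONFIG, 101, 102):
        print(f"{sign} rule {pos}: {rule}")
```

An empty result means the two lists are identical apart from their number; anything else is the exact set of changes to review before switching the interface to the new list.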

