
Re: [fw-wiz] PIX - acl breaks implicit outbound rule

To: "Firewall Wizards Security Mailing List" <firewall-wizards@listserv.icsalabs.com>
Subject: Re: [fw-wiz] PIX - acl breaks implicit outbound rule
From: "Richard Shaw" <richard@aggress.net>
Date: Thu, 24 May 2007 09:11:09 +0100
Delivered-to: sp-com-lists@consult.net
Delivered-to: fwwizards-list2@consult.net
Delivered-to: firewall-wizards@listserv.icsalabs.com
In-reply-to: <006601c79d65$87e8d7f0$0202fea9@ad.priorityhealth.com>
List-archive: <https://listserv.icsalabs.com/pipermail/firewall-wizards>
List-help: <mailto:firewall-wizards-request@listserv.icsalabs.com?subject=help>
List-id: Firewall Wizards Security Mailing List <firewall-wizards.listserv.icsalabs.com>
List-post: <mailto:firewall-wizards@listserv.icsalabs.com>
List-subscribe: <https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards>, <mailto:firewall-wizards-request@listserv.icsalabs.com?subject=subscribe>
List-unsubscribe: <https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards>, <mailto:firewall-wizards-request@listserv.icsalabs.com?subject=unsubscribe>
References: <aa7e63a0705220608x5dfc4108rc34185e1ca5696de@mail.gmail.com> <006601c79d65$87e8d7f0$0202fea9@ad.priorityhealth.com>
Reply-to: Firewall Wizards Security Mailing List <firewall-wizards@listserv.icsalabs.com>
Sender: firewall-wizards-bounces@listserv.icsalabs.com

Cheers Paul,

Yeah, the most obvious solution was in fact the correct solution. I put the rule back in manually and all appeared fine. But then the whole PIX hung and I had to reboot it, whoops :)

On 5/23/07, Paul Melson <pmelson@gmail.com> wrote:
> > However, it replaces the implicit outbound rule for Interface2 and breaks
> > all other outbound traffic on the interface.  My question is, what can I
> > append to the above access group to put the outbound rule back in?
>
> As far as I know, you can't.  You will need to explicitly declare the
> previously implied rule:
>
> access-list Interface2toInterface1 deny ip 10.0.5.0 255.255.255.0 10.0.0.0 255.0.0.0
> access-list Interface2toInterface1 permit ip 10.0.5.0 255.255.255.0 any
>
> PaulM


_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
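The effect Paul describes (binding an access-group to an interface replaces the PIX's implicit outbound permit with first-match evaluation that ends in an implicit deny, so the old behaviour only comes back if you restate it as an explicit permit) can be checked without a PIX. The following Python model is an added example and not code from the thread or from Cisco: it parses the two access-list lines from Paul's reply in the PIX `access-list NAME permit|deny ip SRC MASK DST MASK` form (with `any` meaning 0.0.0.0/0), applies first-match semantics with the implicit deny, and evaluates a couple of constructed flows from a 10.0.5.0/24 host once against the deny-only list the original poster had and once against Paul's corrected list. The host addresses 10.0.5.10, 10.0.1.1 and 192.0.2.1 are made up for the demonstration.

```python
import ipaddress

# Constructed model (added example, not from the thread): a first-match ACL
# evaluator that mimics the PIX behaviour discussed above. Rule text is taken
# from the quoted reply; sample flows are invented.


def _take_addr(fields):
    """Consume one address spec: 'any' or 'ADDR MASK'. Returns (network, rest)."""
    if fields[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), fields[1:]
    # ip_network accepts dotted masks such as 10.0.0.0/255.0.0.0
    net = ipaddress.ip_network(f"{fields[0]}/{fields[1]}", strict=False)
    return net, fields[2:]


def parse_acl(lines):
    """Parse 'access-list NAME permit|deny ip SRC SMASK DST DMASK' lines
    into (action, src_net, dst_net) tuples, in the order given."""
    rules = []
    for line in lines:
        tok = line.split()
        if len(tok) < 5 or tok[0] != "access-list" or tok[3] != "ip":
            raise ValueError(f"unsupported ACL line: {line!r}")
        action = tok[2]
        if action not in ("permit", "deny"):
            raise ValueError(f"bad action in ACL line: {line!r}")
        src, rest = _take_addr(tok[4:])
        dst, rest = _take_addr(rest)
        if rest:
            raise ValueError(f"trailing tokens in ACL line: {line!r}")
        rules.append((action, src, dst))
    return rules


def evaluate(rules, src_ip, dst_ip):
    """First matching rule wins; an applied access-list ends in an implicit deny."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, src_net, dst_net in rules:
        if s in src_net and d in dst_net:
            return action
    return "deny"  # implicit deny once an access-group is bound to the interface


# What the original poster applied: only the deny. Once bound with
# access-group, everything not matched falls into the implicit deny,
# so ordinary outbound traffic from Interface2 stops.
BROKEN_ACL = parse_acl([
    "access-list Interface2toInterface1 deny ip 10.0.5.0 255.255.255.0 10.0.0.0 255.0.0.0",
])

# Paul's fix: restate the formerly implicit outbound permit after the deny.
FIXED_ACL = parse_acl([
    "access-list Interface2toInterface1 deny ip 10.0.5.0 255.255.255.0 10.0.0.0 255.0.0.0",
    "access-list Interface2toInterface1 permit ip 10.0.5.0 255.255.255.0 any",
])


def outcome(acl):
    """Evaluate two constructed flows from a 10.0.5.0/24 host: one toward the
    protected 10/8 space, one toward an outside host (192.0.2.1, RFC 5737
    documentation space)."""
    return {
        "to_internal": evaluate(acl, "10.0.5.10", "10.0.1.1"),
        "to_outside": evaluate(acl, "10.0.5.10", "192.0.2.1"),
    }


if __name__ == "__main__":
    print("deny-only list:", outcome(BROKEN_ACL))
    print("with permit:   ", outcome(FIXED_ACL))
```

Running it shows the deny-only list blocking both flows, while the corrected list still blocks the flow into 10/8 and lets the outside-bound flow through. Traffic from a source outside 10.0.5.0/24 is denied by both lists, which is the implicit deny doing exactly what the explicit permit at the end does not cover.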