North American Network Operators Group

Re: it's here
> OK, but that's filtering. The telnet/ssh/snmp daemon is still
> listening on all interfaces. You can't get there, as long as your
> filter stands, but those are some hard filters to write.

Creating a 'source interface' ACL for local services (vty's, snmp, sshd, *cough* httpd), etc would suit the purpose nicely, and make the GRE approach feasible w/o touching production paths.

...and an on-going wish of mine for an 'evaluate <extended _or_ reflexive>' syntax would simplify the maintenance of ACL's in general. But of course, even under 12.2 snmp-server still insists on numbered acl's so maybe this is all overly optimistic.

..kg..