North American Network Operators Group


Re: Protecting inbound interfaces (re: Cisco exploit)

  • From: Basil Kruglov
  • Date: Fri Jul 18 09:24:56 2003

On Fri, Jul 18, 2003 at 06:07:08AM -0700, Rick Ernst wrote:
> 
> 
> Is there a way to globally protect all inbound interfaces on a router via ACL
> (specifically hundreds of frame/sub-interfaces) without applying the same ACL
> to each individual interface?

I believe something like this will work:

no access-l 198
access-list 198 deny   53 any any log-input
access-list 198 deny   55 any any log-input
access-list 198 deny   77 any any log-input
!
access-list 198 permit pim host xx.xx.xx.xx 224.0.0.0 31.255.255.255
!
access-list 198 deny   pim any any log-input
access-list 198 permit ip any any
!
!end

Replace xx.xx.xx.xx with the real IP address if you have PIM running; if you
don't, remove that line.

> Is the "line vty" config only for telnet/ssh, etc. or is it the magic global
> that I'm looking for?

No. I don't think so.

-Basil @ CIFNet
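The ACL above only helps if its deny entries sit before `permit ip any any` (IOS ACLs are evaluated top-down, first match wins) and if it is actually bound inbound on every one of those hundreds of sub-interfaces. The following is an added example, not code from Basil's reply or from the NANOG thread: a small Python audit that parses `access-list` and `interface` stanzas from a constructed running-config, reports which of the listed IP protocol numbers (53, 55, 77 and 103, the protocol number IOS means by the `pim` keyword) could still reach the router from any source, lists the interfaces that lack `ip access-group 198 in`, and emits the config lines to fix them. The sample config, its 192.0.2.0/24 addresses and the ACL number 198 are constructed for the example.

```python
"""Audit a Cisco-style numbered ACL and its interface bindings.

Added example, not from the original post. Assumes IOS-style syntax:
`access-list <n> permit|deny <proto> <src> <dst> [log...]` and
`interface <name>` stanzas whose body lines are indented by one space.
"""
import re

# IOS keywords used by the ACL -> IP protocol number. "ip" is the IOS
# wildcard for "any protocol", modelled here as 0.
PROTO_NUMBERS = {"pim": 103, "ip": 0}

ACL_RE = re.compile(
    r"^access-list\s+(?P<num>\d+)\s+(?P<action>permit|deny)\s+(?P<proto>\S+)\s+(?P<rest>.*)$"
)
IFACE_RE = re.compile(r"^interface\s+(\S+)")

# Constructed sample running-config (documentation addresses, ACL 198).
SAMPLE_CONFIG = """\
!
access-list 198 deny   53 any any log-input
access-list 198 deny   55 any any log-input
access-list 198 deny   77 any any log-input
access-list 198 permit pim host 192.0.2.1 224.0.0.0 31.255.255.255
access-list 198 deny   pim any any log-input
access-list 198 permit ip any any
!
interface Serial0/0
 encapsulation frame-relay
!
interface Serial0/0.101 point-to-point
 ip address 192.0.2.9 255.255.255.252
 ip access-group 198 in
!
interface Serial0/0.102 point-to-point
 ip address 192.0.2.13 255.255.255.252
!
"""


def parse_acl(config, acl_number):
    """Return the entries of one numbered ACL, in configuration order."""
    entries = []
    for line in config.splitlines():
        m = ACL_RE.match(line.strip())
        if not m or int(m.group("num")) != acl_number:
            continue
        proto = m.group("proto")
        proto_num = int(proto) if proto.isdigit() else PROTO_NUMBERS.get(proto)
        rest = m.group("rest").split()
        entries.append({
            "action": m.group("action"),
            "proto": proto_num,          # None for keywords not mapped (tcp, udp, ...)
            "any_any": rest[:2] == ["any", "any"],
            "log": any(tok.startswith("log") for tok in rest),
        })
    return entries


def unprotected_protocols(entries, protocols):
    """Protocol numbers that a packet from *any* source could still reach.

    Walks the ACL top-down and stops at the first any/any entry matching the
    protocol (exact number or the `ip` wildcard). Host-specific exceptions
    such as the PIM neighbour line are skipped because they do not match
    an arbitrary source. No match means the implicit deny applies.
    """
    leaks = []
    for p in protocols:
        verdict = "deny"
        for e in entries:
            if e["proto"] in (p, 0) and e["any_any"]:
                verdict = e["action"]
                break
        if verdict == "permit":
            leaks.append(p)
    return leaks


def interface_stanzas(config):
    """Yield (interface_name, [stripped body lines]) for each interface block."""
    name, body = None, []
    for raw in config.splitlines():
        m = IFACE_RE.match(raw)
        if m:
            if name:
                yield name, body
            name, body = m.group(1), []
        elif raw.startswith(" ") and name:
            body.append(raw.strip())
        else:
            if name:
                yield name, body
            name, body = None, []
    if name:
        yield name, body


def interfaces_missing_acl(config, acl_number):
    """Names of interfaces/sub-interfaces with no inbound binding of the ACL."""
    want = f"ip access-group {acl_number} in"
    return [n for n, body in interface_stanzas(config) if want not in body]


def access_group_lines(config, acl_number):
    """Config snippet that binds the ACL inbound on every interface still missing it."""
    out = []
    for name in interfaces_missing_acl(config, acl_number):
        out += [f"interface {name}", f" ip access-group {acl_number} in", "!"]
    return "\n".join(out)


if __name__ == "__main__":
    acl = parse_acl(SAMPLE_CONFIG, 198)
    print("still reachable from anywhere:", unprotected_protocols(acl, [53, 55, 77, 103]))
    print(access_group_lines(SAMPLE_CONFIG, 198))
```

Run against a real `show running-config` saved to disk, the second function produces exactly the per-interface lines the original question hoped to avoid typing; the generated snippet can be pasted in one go. The ordering check is the part worth keeping in a change review: a `permit ip any any` that drifts above the deny entries silently disables all of them.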