How to allow all outgoing traffic and block all incoming traffic with access list?

(OP)
Using Cisco PIX 515E firewall
Version 7.2(4)25
Unrestricted (UR) license

This is my current configuration:

config t
int e0
ip address dhcp setroute
nameif outside
no shut

int e1
ip address 10.1.1.1 255.0.0.0
nameif inside
no shut
exit

global (outside) 1 inter
nat (inside) 1 10.0.0.0 255.0.0.0

icmp deny any outside

RE: How to allow all outgoing traffic and block all incoming traffic with access list?

By default (providing the required translations are configured between the interfaces) the traffic from interfaces with higher security levels to those with lower security is allowed and it is blocked in the opposite direction. PIX will assume security level 0 for the nameif "outside" and 100 for "inside". So you should be all set. Still for clarity I would add under int e0:
security-level 0 
and under e1:
security-level 100 

You may also find this Link useful.

RE: How to allow all outgoing traffic and block all incoming traffic with access list?

I would suggest the following:

access-list acl_out extended deny ip any any

access-group acl_out in interface outside
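
The security-level default and the inbound ACL binding discussed in this thread can be checked mechanically against a saved configuration. The following is an added example, not part of any post: the function names `parse_pix` and `verdict` are hypothetical, and the sample configuration is constructed from the commands quoted in the thread.

```python
# Added example, not from the thread. SAMPLE is constructed from the
# commands quoted in the posts above.
DEFAULT_LEVELS = {"inside": 100}  # PIX default: "inside" is 100, other names 0

SAMPLE = """\
int e0
ip address dhcp setroute
nameif outside
int e1
ip address 10.1.1.1 255.0.0.0
nameif inside
access-list acl_out extended deny ip any any
access-group acl_out in interface outside
"""

def parse_pix(config):
    """Return (security levels, ACL actions, inbound ACL bindings)."""
    ifaces, rules, bound = [], {}, {}
    for line in config.splitlines():
        w = line.split()
        if not w:
            continue
        if len(w) == 2 and len(w[0]) >= 3 and "interface".startswith(w[0]):
            ifaces.append({})  # start of an interface block ("int e0")
        elif w[0] == "nameif" and len(w) == 2 and ifaces:
            ifaces[-1]["name"] = w[1]
        elif w[0] == "security-level" and len(w) == 2 and ifaces:
            ifaces[-1]["level"] = int(w[1])  # explicit value beats the default
        elif w[0] == "access-list" and len(w) > 3 and w[2] != "remark":
            action = next((t for t in w[2:] if t in ("permit", "deny")), None)
            if action:
                rules.setdefault(w[1], []).append(action)
        elif w[0] == "access-group" and len(w) == 5 and w[2] == "in":
            bound[w[4]] = w[1]  # access-group <acl> in interface <nameif>
    levels = {i["name"]: i.get("level", DEFAULT_LEVELS.get(i["name"], 0))
              for i in ifaces if "name" in i}
    return levels, rules, bound

def verdict(config, src, dst):
    """How new connections entering at `src` and bound for `dst` are decided."""
    levels, rules, bound = parse_pix(config)
    acl = bound.get(src)
    if acl is None:  # no ACL on src: the security-level rule applies
        return "implicit-allow" if levels[src] > levels[dst] else "implicit-deny"
    return "acl-has-permit" if "permit" in rules.get(acl, []) else "acl-deny-all"

if __name__ == "__main__":
    for src, dst in (("inside", "outside"), ("outside", "inside")):
        print(src, "->", dst, verdict(SAMPLE, src, dst))
```

A result of `acl-has-permit` on the outside interface is the case to review by hand, since it means some inbound traffic is explicitly allowed.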
