Tuesday, March 28, 2006

Cisco router filtering example

This is a router configuration that adds filters to ethernet0. Something like it will be applied to the top-level router to improve security.

config terminal
!
! make sure DNS is set up (the ACL below refers to hosts by name)
ip domain-name domain.name.com

ip name-server xx.xx.x.xx

!
! for lab-bb
! interface FastEthernet0/0
!
interface ethernet 0
no ip access-group 110 in
no ip access-group 110 out
exit
!
no access-list 110
!
! allow ssh to labgw (192.196.15.5)
access-list 110 permit tcp any host labgw eq 22
access-list 110 deny tcp any any eq 22
!
! allow ftp to ftpserv (192.196.15.6)
access-list 110 permit tcp any host ftpserv eq 21
access-list 110 deny tcp any any eq 21
!
! block rexec
access-list 110 deny tcp any any eq 512
!
! block rlogin
access-list 110 deny tcp any any eq 513
!
! block rcmd
access-list 110 deny tcp any any eq 514
!
! block telnet
access-list 110 deny tcp any any eq 23
!
! allow everything not explicitly denied.
access-list 110 permit ip any any
!
!
interface ethernet 0
ip access-group 110 out
exit
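
Extended ACLs are evaluated top-down and the first matching entry wins, which is why each host-specific permit above sits before the broader deny for the same port. The following Python sketch is an added example, not part of the original config: it replays the access-list 110 entries against sample packets. The parser covers only the syntax used on this page, and mapping the host names to addresses from the config comments is an assumption.

```python
# Added example: first-match evaluation of the ACL 110 entries from this page.
ACL_110 = """\
access-list 110 permit tcp any host labgw eq 22
access-list 110 deny tcp any any eq 22
access-list 110 permit tcp any host ftpserv eq 21
access-list 110 deny tcp any any eq 21
access-list 110 deny tcp any any eq 512
access-list 110 deny tcp any any eq 513
access-list 110 deny tcp any any eq 514
access-list 110 deny tcp any any eq 23
access-list 110 permit ip any any
"""

# Assumption: host names resolve to the addresses given in the config comments.
HOSTS = {"labgw": "192.196.15.5", "ftpserv": "192.196.15.6"}

def parse_acl(text):
    """Parse the subset of extended-ACL syntax used above (source is always 'any')."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list":
            continue  # skip blank lines and '!' comments
        action, proto, src, rest = tok[2], tok[3], tok[4], tok[5:]
        if src != "any":
            raise ValueError("unsupported source in: " + line)
        if rest[0] == "host":
            dst, rest = HOSTS.get(rest[1], rest[1]), rest[2:]
        elif rest[0] == "any":
            dst, rest = None, rest[1:]
        else:
            raise ValueError("unsupported destination in: " + line)
        port = int(rest[1]) if rest[:1] == ["eq"] else None
        rules.append((action, proto, dst, port))
    return rules

def evaluate(rules, proto, dst_ip, dst_port=None):
    """Return the action of the first matching entry; an ACL ends with an implicit deny."""
    for action, r_proto, r_dst, r_port in rules:
        if r_proto != "ip" and r_proto != proto:
            continue  # 'ip' matches every protocol, 'tcp' only TCP
        if r_dst is not None and r_dst != dst_ip:
            continue
        if r_port is not None and r_port != dst_port:
            continue
        return action
    return "deny"
```

Replaying the list this way also shows what it does not cover: the rcmd entry matches TCP 514 only, so UDP 514 falls through to the final permit, as do FTP data connections, since only the control port 21 is filtered.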
