Applying ACLs to Services; Using ACLs as Profiles - Cabletron Systems IA1100 User's Reference Manual


To apply an ACL to an interface, enter the following command in Configure mode:
Apply ACL to an interface.

Applying ACLs to Services

ACLs can also be created to permit or deny access to system services provided by the IA;
for example, HTTP or Telnet servers. This type of ACL is known as a Service ACL. By
definition, a Service ACL is for controlling inbound packets to a service on the router. For
example, you can grant Telnet server access from a few specific hosts or deny Web server
access from a particular subnet. It is true that you can do the same thing with ordinary
ACLs and apply them to all interfaces. However, the Service ACL is created specifically to
control access to some of the services on the IA. As a result, only inbound traffic to the IA
is checked. Destination address and port information is ignored; therefore, if you are
defining a Service ACL, you do not need to specify destination information.
Note:
If a service does not have an ACL applied, that service is accessible to everyone.
To control access to a service, an ACL must be used.
To apply an ACL to a service, enter the following command in Configure mode:
Apply ACL to a service.
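
The following is an added example, not part of the manual: a small Python audit that scans a saved configuration for `acl <name> apply service <service name>` lines and lists the services with no Service ACL applied, which the note above says are accessible to everyone. The ACL names, service names, interface name and sample configuration are constructed assumptions.

```python
import re

# Syntax taken from the manual: acl <name> apply service <service name> [logging [on|off]]
APPLY_SERVICE = re.compile(
    r"^acl\s+(?P<acl>\S+)\s+apply\s+service\s+(?P<svc>\S+)"
    r"(?:\s+logging(?:\s+(?P<log>on|off))?)?\s*$",
    re.IGNORECASE,
)

# Constructed sample configuration; ACL, service and interface names are assumptions.
SAMPLE_CONFIG = """\
acl mgmt-hosts apply service telnet logging on
acl lan-in apply interface et.1.1 input logging deny-only
"""


def audit_service_acls(config_text, services_in_use):
    """Return (applied, unprotected).

    applied: service name -> list of (ACL name, logging keyword or None)
    unprotected: services in use that have no Service ACL applied
    """
    applied = {}
    for line in config_text.splitlines():
        m = APPLY_SERVICE.match(line.strip())
        if m is None:
            continue  # not an "apply service" line (e.g. an interface ACL)
        log = m["log"].lower() if m["log"] else None
        applied.setdefault(m["svc"].lower(), []).append((m["acl"], log))
    unprotected = sorted(
        s.lower() for s in services_in_use if s.lower() not in applied
    )
    return applied, unprotected


if __name__ == "__main__":
    applied, unprotected = audit_service_acls(SAMPLE_CONFIG, ["telnet", "http"])
    for svc, acls in applied.items():
        print(f"{svc}: Service ACL applied {acls}")
    for svc in unprotected:
        print(f"{svc}: no Service ACL applied")
```

The list of services in use is supplied by the operator; the script does not discover which services are enabled on the IA.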

Using ACLs as Profiles

You can use the acl command to define a profile. A profile specifies the criteria that
addresses, flows, hosts, or packets must meet to be relevant to certain IA features. Once
you have defined an ACL profile, you can use the profile with the configuration command
for that feature. For example, the Network Address Translation (NAT) feature on the IA
allows you to create address pools for dynamic bindings. You use ACL profiles to
represent the appropriate pools of IP addresses.
Internet Appliance User Reference Manual
Chapter 13: Access Control List Configuration Guide

Command syntax (Configure mode):

Apply ACL to an interface:
acl <name> apply interface <interface name> input|output [logging on|off|deny-only|permit-only] [policy local|external]

Apply ACL to a service:
acl <name> apply service <service name> [logging [on|off]]


This manual is also suitable for: IA1200
