Task 8.1. The ACL needing WWW or WWW syn?

Hi,

Just thought that the ACL only really needs WWW and SYN for the logging of non-RFC1918 addresses and configured it as such, i.e.

ip access-list extended HTTP.LOG
 permit tcp 10.0.0.0 0.255.255.255 host 172.30.102.100
 permit tcp 172.16.0.0 0.15.255.255 host 172.30.102.100
 permit tcp 192.168.0.0 0.0.255.255 host 172.30.102.100
 permit tcp any host 172.30.102.100 eq www syn log-input
 permit ip any any

As it allows all TCP WWW traffic to hit the previous ACEs. Or am I wrong here, and do I need eq WWW or eq WWW SYN to make a correct filter match, so that non-RFC sources are left to hit eq WWW SYN?
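
To check the first-match reasoning above, here is an added Python model of how IOS walks this ACL (not vendor code and not from the original post): RFC1918 sources fall into ACEs 1-3 whatever the port, outside sources are logged only on the SYN, and the same ACL without the syn keyword logs every segment of the flow. The packet flow from 203.0.113.5 is a constructed example.

```python
import ipaddress

# Copy of the ACL from the post; the evaluator below is an added illustration
# of IOS first-match semantics, not vendor code.
ACL_TEXT = """permit tcp 10.0.0.0 0.255.255.255 host 172.30.102.100
permit tcp 172.16.0.0 0.15.255.255 host 172.30.102.100
permit tcp 192.168.0.0 0.0.255.255 host 172.30.102.100
permit tcp any host 172.30.102.100 eq www syn log-input
permit ip any any"""

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def _addr(t):
    """Consume one address spec: 'any' | 'host A' | 'A WILDCARD'. Returns (addr, wildcard, rest)."""
    if t[0] == "any":
        return 0, 0xFFFFFFFF, t[1:]
    if t[0] == "host":
        return _ip(t[1]), 0, t[2:]
    return _ip(t[0]), _ip(t[1]), t[2:]

def parse_acl(text):
    aces = []
    for line in text.splitlines():
        t = line.split()
        src, swc, rest = _addr(t[2:])
        dst, dwc, rest = _addr(rest)
        aces.append({"action": t[0], "proto": t[1], "src": src, "swc": swc, "dst": dst, "dwc": dwc,
                     "dport": 80 if rest[:2] == ["eq", "www"] else None,   # eq www == TCP/80
                     "syn": "syn" in rest, "log": any(k.startswith("log") for k in rest)})
    return aces

def evaluate(aces, pkt):
    """Return (1-based ACE index, action, logged) for the first matching ACE."""
    for i, a in enumerate(aces, 1):
        if a["proto"] != "ip" and a["proto"] != pkt["proto"]:
            continue
        # Wildcard mask: a 1 bit means 'don't care', so only the 0 bits are compared
        if (_ip(pkt["src"]) ^ a["src"]) & ~a["swc"] & 0xFFFFFFFF:
            continue
        if (_ip(pkt["dst"]) ^ a["dst"]) & ~a["dwc"] & 0xFFFFFFFF:
            continue
        if a["dport"] is not None and pkt.get("dport") != a["dport"]:
            continue
        if a["syn"] and not pkt.get("syn", False):   # 'syn' keyword: only SYN-flagged segments
            continue
        return i, a["action"], a["log"]
    return None, "deny", False   # implicit deny at the end of every IOS ACL

def logged_packets(aces, flow):
    """Count the packets of a flow that would produce a log entry."""
    return sum(1 for p in flow if evaluate(aces, p)[2])

ACES = parse_acl(ACL_TEXT)
ACES_NO_SYN = parse_acl(ACL_TEXT.replace(" syn ", " "))   # same ACL with the syn keyword dropped
# Constructed HTTP flow from a non-RFC1918 source (TEST-NET-3): SYN, then three more segments
EXT_FLOW = [dict(src="203.0.113.5", dst="172.30.102.100", proto="tcp", dport=80, syn=s)
            for s in (True, False, False, False)]
```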

Comments

  • JoeMJoeM

    Hi RD,

    If this was for points, I think either way would fulfill the task.

    The workbook solution is just more explicit about what we are trying to do. It is the 4th access-list line that we are wanting to log after the 1918 filtering.

  • I did this again recently and was pretty confident that I could even skip the host options on the first three lines, but in the lab (coming soon) I'll probably go for the full option, but without the syn flag, as from my perspective it is only asking for trouble, i.e. the SYN flag being seen in any part of the permit or deny statement potentially means it won't get matched where needed.

    Apologies for not testing this before speaking. I will.
