Re: (ASCEND) Ascend-Data-Filter

To: "Troy Settle" <st@i-Plus.net>
Subject: Re: (ASCEND) Ascend-Data-Filter
From: Phillip Vandry <vandryp@psi.ca>
Date: Thu, 6 Jan 2000 11:40:54 -0500 (EST)
cc: ascend-users@bungi.com
In-reply-to: Your message of "Thu, 06 Jan 2000 11:03:38 EST." <FNEMIHIFMKFBMDBKFDPBCEINCAAA.st@i-plus.net>
Sender: owner-ascend-users@max.bungi.com

> Hey all,
> 
> I'm in the process of setting up filtered access for our users, and would
> like to know if this syntax is correct for allowing a dialup user to access
> the servers located on 209.100.20.0/26, but NO other servers elsewhere on
> the 'net.
> 
>  Ascend-Data-Filter = "ip in forward dstip 209.100.20.0/26",
>  Ascend-Data-Filter = "ip in drop",

Looks good.

>  Ascend-Data-Filter = "ip out forward srcip 209.100.20.0/26",
>  Ascend-Data-Filter = "ip out drop",

I don't think it's necesary that you do that. It's just an unnecesary
filtering burden. If you don't explicitely route any addresses other
than 209.100.20.0/26 to the customer, those will be the only
destination addresses the customer will see anyway - no need to filter.
(Unless you are using a dynamic routing protocol between you and the
customer, in which case you probably shouldn't be)

-Phil
++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>

References:
- (ASCEND) Ascend-Data-Filter
  - From: "Troy Settle" <st@i-Plus.net>

Prev by Date: (ASCEND) Ascend-Data-Filter
Next by Date: (ASCEND) Have you been naughty yet this year? Want to be? :)
Prev by thread: (ASCEND) Ascend-Data-Filter
Next by thread: (ASCEND) Have you been naughty yet this year? Want to be? :)
Index(es):
- Date
- Thread