Real Time Ascend Maling List Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: (ASCEND) Ascend-Data-Filter
> Hey all,
>
> I'm in the process of setting up filtered access for our users, and would
> like to know if this syntax is correct for allowing a dialup user to access
> the servers located on 209.100.20.0/26, but NO other servers elsewhere on
> the 'net.
>
> Ascend-Data-Filter = "ip in forward dstip 209.100.20.0/26",
> Ascend-Data-Filter = "ip in drop",
Looks good.
> Ascend-Data-Filter = "ip out forward srcip 209.100.20.0/26",
> Ascend-Data-Filter = "ip out drop",
I don't think it's necesary that you do that. It's just an unnecesary
filtering burden. If you don't explicitely route any addresses other
than 209.100.20.0/26 to the customer, those will be the only
destination addresses the customer will see anyway - no need to filter.
(Unless you are using a dynamic routing protocol between you and the
customer, in which case you probably shouldn't be)
-Phil
++ Ascend Users Mailing List ++
To unsubscribe: send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd: <http://www.nealis.net/ascend/faq>