Привет всем. Создаю ACL на PIX 501, чтобы запретить мультимедиа-трафик с youtube.com:
HermesYuzhno(config)# sh access-list block_stream
access-list block_stream; 37 elements
access-list block_stream line 1 deny tcp any host 74.125.67.100 eq 554
access-list block_stream line 2 deny udp any host 74.125.67.100 eq 554
access-list block_stream line 3 deny udp any host 74.125.67.100 eq 2979
access-list block_stream line 4 deny tcp any host 74.125.67.100 eq 2979
access-list block_stream line 5 deny tcp any host 74.125.67.100 eq 1790
access-list block_stream line 6 deny udp any host 74.125.67.100 eq 1790
access-list block_stream line 7 deny udp any host 74.125.67.100 eq 1755
access-list block_stream line 8 deny tcp any host 74.125.67.100 eq 1755
access-list block_stream line 9 deny tcp any host 74.125.67.100 eq 1736
access-list block_stream line 10 deny udp any host 74.125.67.100 eq 1736
access-list block_stream line 11 deny udp any host 74.125.67.100 eq 537
access-list block_stream line 12 deny tcp any host 74.125.67.100 eq 537
access-list block_stream line 13 deny tcp any host 74.125.127.100 eq 537
access-list block_stream line 14 deny udp any host 74.125.127.100 eq 537
access-list block_stream line 15 deny udp any host 74.125.127.100 eq 1736
access-list block_stream line 16 deny tcp any host 74.125.127.100 eq 1736
access-list block_stream line 17 deny tcp any host 74.125.127.100 eq 1755
access-list block_stream line 18 deny udp any host 74.125.127.100 eq 1755
access-list block_stream line 19 deny udp any host 74.125.127.100 eq 1790
access-list block_stream line 20 deny tcp any host 74.125.127.100 eq 1790
access-list block_stream line 21 deny tcp any host 74.125.127.100 eq 2979
access-list block_stream line 22 deny udp any host 74.125.127.100 eq 2979
access-list block_stream line 23 deny udp any host 74.125.127.100 eq 554
access-list block_stream line 24 deny tcp any host 74.125.127.100 eq 554
access-list block_stream line 25 deny tcp any host 74.125.45.100 eq 554
access-list block_stream line 26 deny udp any host 74.125.45.100 eq 554
access-list block_stream line 27 deny udp any host 74.125.45.100 eq 2979
access-list block_stream line 28 deny tcp any host 74.125.45.100 eq 2979
access-list block_stream line 29 deny tcp any host 74.125.45.100 eq 1790
access-list block_stream line 30 deny udp any host 74.125.45.100 eq 1790
access-list block_stream line 31 deny udp any host 74.125.45.100 eq 1755
access-list block_stream line 32 deny tcp any host 74.125.45.100 eq 1755
access-list block_stream line 33 deny tcp any host 74.125.45.100 eq 1736
access-list block_stream line 34 deny udp any host 74.125.45.100 eq 1736
access-list block_stream line 35 deny udp any host 74.125.45.100 eq 537
access-list block_stream line 36 deny tcp any host 74.125.45.100 eq 537
access-list block_stream line 37 permit tcp any any
access-list block_stream line 37 permit udp any any
access-group block_stream in interface inside
После этого блокируется весь трафик. Что я делаю не так? Мне нужно запретить эти порты только на этих 3 IP.
P.S. Сильно не пинайте, если что: я новичок в этом деле.