Firewall Madness



  • I'm cleaning up the firewall at one of our datacenters, and I'm finding multiple instances of ACLs similar to the following:

    access-list RTSP extended deny tcp any4 any4 eq rtsp
    access-list RTSP extended deny tcp any4 host 67.113.51.34 eq rtsp
    access-list RTSP extended deny tcp host 67.113.51.34 eq rtsp any4
    access-list RTSP extended permit tcp any4 any4 eq rtsp
    access-list RTSP extended permit tcp any4 eq rtsp any4

    This is a Cisco ASA 5510. I am not, by any means, an ASA expert, but if my knowledge about ACLs is correct...the first statement in that ACL makes the remaining statements superfluous. Am I wrong?


  • Banned

    Is the ordering the same as shown? Depending on the ordering, it may be used for filtering down the statements.

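The first-match semantics that both the question and the reply turn on, as an added example (not code from this thread or from Cisco): a small Python evaluator that parses the five ACEs exactly as posted, decides each flow by the first entry that matches (with the ASA's implicit deny at the end), and flags entries that a single earlier entry already fully covers. The service-name table, the sample flows and the reordered copy of the ACL are constructed for the demonstration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Service names the ACL on this page uses; the ASA resolves "rtsp" to TCP/554.
# Any other names would have to be added here (assumption: only "eq NAME" is used).
PORT_NAMES = {"rtsp": 554}
ANY4 = ipaddress.ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Ace:
    action: str                    # "permit" or "deny"
    proto: str                     # "tcp" is all this ACL needs
    src: ipaddress.IPv4Network
    sport: Optional[int]           # None = any source port
    dst: ipaddress.IPv4Network
    dport: Optional[int]           # None = any destination port
    text: str


def _take_addr(tokens):
    """Consume one address spec: any4 | any | host A.B.C.D | A.B.C.D MASK."""
    tok = tokens.pop(0)
    if tok in ("any4", "any"):
        return ANY4
    if tok == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{tok}/{tokens.pop(0)}", strict=False)


def _take_port(tokens):
    """Consume an optional 'eq PORT'; other operators (gt, range, ...) are out of scope."""
    if tokens and tokens[0] == "eq":
        tokens.pop(0)
        name = tokens.pop(0)
        return PORT_NAMES.get(name) or int(name)
    return None


def parse_ace(line):
    """Parse 'access-list NAME extended ACTION PROTO SRC [eq P] DST [eq P]'."""
    tokens = line.split()
    if tokens[0] != "access-list" or tokens[2] != "extended":
        raise ValueError(f"unsupported ACE syntax: {line}")
    action, proto, rest = tokens[3], tokens[4], tokens[5:]
    src, sport = _take_addr(rest), _take_port(rest)
    dst, dport = _take_addr(rest), _take_port(rest)
    return Ace(action, proto, src, sport, dst, dport, line.strip())


def matches(ace, proto, src_ip, sport, dst_ip, dport):
    return (ace.proto == proto
            and ipaddress.ip_address(src_ip) in ace.src
            and (ace.sport is None or ace.sport == sport)
            and ipaddress.ip_address(dst_ip) in ace.dst
            and (ace.dport is None or ace.dport == dport))


def first_match(acl, proto, src_ip, sport, dst_ip, dport):
    """ASA semantics: top-down, first hit decides; no hit is an implicit deny."""
    for index, ace in enumerate(acl):
        if matches(ace, proto, src_ip, sport, dst_ip, dport):
            return index, ace.action
    return None, "deny"


def covers(a, b):
    """True when every packet entry b would match is also matched by entry a."""
    def port_covers(pa, pb):
        return pa is None or pa == pb
    return (a.proto == b.proto
            and b.src.subnet_of(a.src) and port_covers(a.sport, b.sport)
            and b.dst.subnet_of(a.dst) and port_covers(a.dport, b.dport))


def shadowed_entries(acl):
    """(j, i) pairs: entry j can never be reached because earlier entry i covers it."""
    found = []
    for j, later in enumerate(acl):
        for i in range(j):
            if covers(acl[i], later):
                found.append((j, i))
                break
    return found


# The ACL exactly as posted in the question.
ACL_TEXT = """
access-list RTSP extended deny tcp any4 any4 eq rtsp
access-list RTSP extended deny tcp any4 host 67.113.51.34 eq rtsp
access-list RTSP extended deny tcp host 67.113.51.34 eq rtsp any4
access-list RTSP extended permit tcp any4 any4 eq rtsp
access-list RTSP extended permit tcp any4 eq rtsp any4
"""
ACL = [parse_ace(line) for line in ACL_TEXT.strip().splitlines()]
# Constructed variant: the same entries with the permits moved to the top.
PERMITS_FIRST = ACL[3:] + ACL[:3]

if __name__ == "__main__":
    for j, i in shadowed_entries(ACL):
        print(f"entry {j + 1} is unreachable; entry {i + 1} already covers it: {ACL[j].text}")
    flow = ("tcp", "10.0.0.5", 40000, "67.113.51.34", 554)   # constructed client -> RTSP flow
    print("as posted:     ", first_match(ACL, *flow))
    print("permits first: ", first_match(PERMITS_FIRST, *flow))
```

Run as written, the check flags entries 2 and 4 (both fully covered by entry 1) but not 3 and 5, which match on the source port rather than the destination port and so are not covered by entry 1; the single-earlier-entry test is deliberately conservative and will miss an entry shadowed only by the union of several earlier ones. The reordered copy shows the reply's point: the same five entries with the permits on top flip the verdict for the sample flow from deny to permit.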
