Filtering IP Traffic 469
Extended IP Access Lists, Example 2
Figure 7-5 presents the network diagram for another example on extended IP access lists.
Figure 7-5
Network Diagram for Extended Access List, Example 2
The filtering criteria for this extended access list example is more complicated:
1
The Web server (Daffy) is available to all users.
2
UDP-based clients and servers on Bugs are not available to hosts whose IP addresses are
in the upper half of the valid IP addresses in each subnet. (Note: The subnet mask used is
255.255.255.0.)
3
Packets between hosts on the Yosemite Ethernet and the Seville Ethernet are allowed only
if packets are routed across the direct serial link.
4
Clients Porky and Petunia can connect to all hosts except Red.
5
Any other connections are permitted.
Bugs
10.1.1.1
Sam
10.1.2.1
Emma
10.1.2.2
Elmer
10.1.3.1
Red
10.1.3.2
Daffy
10.1.1.2
Albuquerque
NFS
Web
Seville
Yosemite
s1
s1
s1
s0
s0
s0
Porky
10.1.1.130
Petunia
10.1.1.28
ch07.fm Page 469 Monday, March 20, 2000 5:14 PM