At the moment I have managed to block the unwanted inbound and outbound traffic.
In practice, my rules on the two interfaces are the following.
How can I allow the PC 172.31.0.101 to download from torrent without problems?
access-list 105 remark *** INBOUND RULES ***
access-list 105 permit tcp any host 192.168.1.5 eq www log
access-list 105 permit udp any host 192.168.1.5 eq domain
access-list 105 permit tcp any host 192.168.1.5 eq ftp
access-list 105 permit tcp any host 192.168.1.5 eq ftp-data
access-list 105 permit udp any eq domain host 192.168.1.5
access-list 105 permit tcp any host 192.168.1.5 eq telnet
access-list 105 permit tcp any any established
access-list 105 permit gre any host 192.168.1.4
access-list 105 permit gre any host 192.168.1.5
access-list 105 permit tcp any eq ftp-data host 192.168.1.5
access-list 105 deny ip any any log
access-list 107 remark *** OUTBOUND RULES ***
access-list 107 permit udp host 172.31.0.101 any eq domain
access-list 107 permit tcp host 172.31.0.101 host 172.31.0.100 eq telnet
access-list 107 permit tcp host 172.31.0.101 any eq www
access-list 107 permit tcp host 172.31.0.101 any eq 443
access-list 107 permit tcp host 172.31.0.101 any eq ftp
access-list 107 permit tcp host 172.31.0.101 any eq ftp-data
access-list 107 permit tcp host 172.31.0.101 host 188.165.57.254 eq 22
access-list 107 permit udp host 172.31.0.101 any eq 21
access-list 107 permit gre host 172.31.0.102 any
access-list 107 permit gre host 172.31.0.101 any
access-list 107 permit icmp host 172.31.0.101 any
access-list 107 permit icmp host 172.31.0.102 any
access-list 107 permit tcp any any established
access-list 107 deny ip any any log
It seems to me that the ports keep changing all the time...
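The following is an added example, not part of the original post: a small Python model of first-match evaluation over ACL 107 as posted, covering only the `any` / `host` / `eq` / `established` forms that appear in it. The three sample flows (addresses and ports) are constructed; the model shows a connection to an arbitrary high port falling through every permit line to the final `deny ip any any log`.

```python
# Added example: ACL 107 copied from the post; the evaluator itself is illustrative.
PORTS = {"www": 80, "domain": 53, "ftp": 21, "ftp-data": 20, "telnet": 23}
ACL_107 = """
access-list 107 permit udp host 172.31.0.101 any eq domain
access-list 107 permit tcp host 172.31.0.101 host 172.31.0.100 eq telnet
access-list 107 permit tcp host 172.31.0.101 any eq www
access-list 107 permit tcp host 172.31.0.101 any eq 443
access-list 107 permit tcp host 172.31.0.101 any eq ftp
access-list 107 permit tcp host 172.31.0.101 any eq ftp-data
access-list 107 permit tcp host 172.31.0.101 host 188.165.57.254 eq 22
access-list 107 permit udp host 172.31.0.101 any eq 21
access-list 107 permit gre host 172.31.0.102 any
access-list 107 permit gre host 172.31.0.101 any
access-list 107 permit icmp host 172.31.0.101 any
access-list 107 permit icmp host 172.31.0.102 any
access-list 107 permit tcp any any established
access-list 107 deny ip any any log
"""

def parse_rule(line):
    t = line.split()[2:]                    # drop "access-list <number>"
    rule, i = {"action": t[0], "proto": t[1], "text": line}, 2
    for side in ("src", "dst"):             # each side is "any" or "host A.B.C.D"
        rule[side], i = (None, i + 1) if t[i] == "any" else (t[i + 1], i + 2)
        rule[side + "_port"] = None
        if i < len(t) and t[i] == "eq":     # optional "eq <port>"
            rule[side + "_port"], i = PORTS.get(t[i + 1]) or int(t[i + 1]), i + 2
    rule["established"] = "established" in t[i:]
    return rule

def matches(rule, flow):
    if rule["proto"] not in ("ip", flow["proto"]):
        return False
    for side in ("src", "dst"):
        if rule[side] not in (None, flow[side]):
            return False
        if rule[side + "_port"] not in (None, flow.get(side + "_port")):
            return False
    return not rule["established"] or flow.get("ack_or_rst", False)  # ACK/RST set

def evaluate(acl, flow):
    for rule in map(parse_rule, acl.strip().splitlines()):
        if matches(rule, flow):             # IOS stops at the first matching line
            return rule["action"], rule["text"]
    return "deny", "implicit deny"

# Constructed flows from the PC; 203.0.113.0/24 is a documentation range.
HTTPS = {"proto": "tcp", "src": "172.31.0.101", "dst": "203.0.113.10", "src_port": 50000, "dst_port": 443}
PEER_TCP = {"proto": "tcp", "src": "172.31.0.101", "dst": "203.0.113.20", "src_port": 50001, "dst_port": 51413}
PEER_UDP = {"proto": "udp", "src": "172.31.0.101", "dst": "203.0.113.20", "src_port": 50002, "dst_port": 6881}
```

`evaluate(ACL_107, flow)` returns the action together with the line that decided it, which is the same line the `log` keyword would report on the router.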