How to block traffic to specific udp/tcp ports
‎07-06-2016 06:34 AM
Hi all,
I am trying to block traffic on specific TCP/UDP ports on my x450a switch.
I tried that with an ACL packed in a .pol file:

    entry udp_acl1 {
        if {
            source-address 0.0.0.0/0;
            protocol udp;
            destination-port 1119;
        } then {
            count udp;
            deny;
        }
    }
    entry tcp_acl {
        if {
            source-address 0.0.0.0/0;
            protocol tcp;
            destination-port 1119;
        } then {
            count tcp;
            deny;
        }
    }
    entry udp_acl2 {
        if {
            source-address 0.0.0.0/0;
            protocol udp;
            destination-port 3724;
        } then {
            count udp;
            deny;
        }
    }
    entry tcp_acl2 {
        if {
            source-address 0.0.0.0/0;
            protocol tcp;
            destination-port 3724;
        } then {
            count tcp;
            deny;
        }
    }

That was what I entered. When applying it, nothing happens and the counters are empty.
I opened the application and saw with netstat that there is traffic on those ports.
Did I miss something? Do you have some ideas?
Regards,
Peter
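A cleaned-up version of the same policy, added here as an example; it is not taken from the thread or from Extreme's documentation. The policy name blockports, the file location and the port list in the usage note are assumptions, while the port numbers 1119 and 3724 are those from the post. The source-address 0.0.0.0/0 match is dropped because it matches every packet anyway, each rule gets its own counter name so hits per rule can be told apart, and a final permit-all rule with a counter is added (also an assumption about how one would diagnose this) so that the counter output shows whether the policy is applied at all, even when no traffic hits the deny rules.

```text
entry deny_tcp_1119 {
    if {
        protocol tcp;
        destination-port 1119;
    } then {
        count tcp_1119;
        deny;
    }
}
entry deny_udp_1119 {
    if {
        protocol udp;
        destination-port 1119;
    } then {
        count udp_1119;
        deny;
    }
}
entry deny_tcp_3724 {
    if {
        protocol tcp;
        destination-port 3724;
    } then {
        count tcp_3724;
        deny;
    }
}
entry deny_udp_3724 {
    if {
        protocol udp;
        destination-port 3724;
    } then {
        count udp_3724;
        deny;
    }
}
entry permit_rest {
    if {
    } then {
        count permitted;
        permit;
    }
}
```

Assuming the file is saved on the switch as blockports.pol, the EXOS sequence is: check policy blockports to validate the syntax; configure access-list blockports ports 1-24 ingress (port list assumed) to bind it; and, every time the file is edited afterwards, refresh policy blockports, since a bound policy keeps running the version that was loaded when it was applied until it is refreshed, which is the step that was missing in the thread. show access-list counter then shows the permitted counter climbing as soon as any traffic enters those ports, and the per-port counters only when a packet actually matches a deny rule. Note that the ACL matches only on ingress of the configured ports and only on the destination port, and that netstat on the end host lists local sockets, so it shows the application is talking but not that the traffic crossed a port the ACL is bound to.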
9 REPLIES
‎07-06-2016 11:13 AM
The clue was the refresh policy command. After refreshing, everything works fine now!
Thanks for all your help, guys!
‎07-06-2016 11:13 AM
Great!! Thanks for letting us know the cause.
‎07-06-2016 10:45 AM
If it makes it to the "then" section, the counter should increase.
‎07-06-2016 10:36 AM
Thanks, I'll give that a try. Just for clarification: the counter also runs if there are packets hit by deny, right?