Foundry ACL

From PrgmrWiki

There was an abuse report for an IP address on one of our subnets whose hosts we don't administer, so the address had to be cut off at the Foundry router. The router is a FastIron 4802 running software version 07.6.04jT51. The IP addresses have been changed to private networks for documentation purposes.

This was the ACL for the subnet originally:

permit ip 10.123.123.128 0.0.0.31 any
permit ip 192.168.231.0 0.0.0.31 any

It was applied inbound to the interface on the subnet, so that only source IP addresses from the subnet would match; the implicit deny then blocks everything else. Because the Foundry ACL commands on our router don't have line numbers for inserting a rule, I removed the ACL from the interface, deleted it with "no ip access-list extended thenameoftheacl", and recreated it with a new rule:

deny ip host 10.123.123.141 any
permit ip 10.123.123.128 0.0.0.31 any
permit ip 192.168.231.0 0.0.0.31 any

Then I applied it inbound on the interface again. Now that one IP address matches the deny rule before it can be permitted by the following rule for its subnet.
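
The ordering effect described above can be checked offline before touching the router. The following is an added example, not part of the original page or any Foundry tooling: a small first-match evaluator for the two rule forms used here. The names parse_rule, evaluate, ORIGINAL, UPDATED and APPENDED are hypothetical, and APPENDED is a constructed variant showing what would happen if the deny were added after the permits.

```python
import ipaddress

def parse_rule(line):
    """Parse 'permit|deny ip <src> any', where <src> is 'host A' or 'A WILDCARD'."""
    tok = line.split()
    if len(tok) != 5 or tok[1] != "ip" or tok[4] != "any":
        raise ValueError("unsupported rule form: " + line)
    if tok[2] == "host":
        addr, wildcard = tok[3], "0.0.0.0"   # host = every bit must match
    else:
        addr, wildcard = tok[2], tok[3]
    return tok[0], int(ipaddress.IPv4Address(addr)), int(ipaddress.IPv4Address(wildcard))

def evaluate(acl_lines, src):
    """Return the action of the first rule matching the source, else the implicit deny."""
    s = int(ipaddress.IPv4Address(src))
    for line in acl_lines:
        action, addr, wildcard = parse_rule(line)
        care = ~wildcard & 0xFFFFFFFF        # wildcard bits set to 1 are ignored
        if (s & care) == (addr & care):
            return action                    # first match wins, later rules are not read
    return "deny"                            # implicit deny at the end of every ACL

# The ACLs from the text (addresses already anonymised by the author).
ORIGINAL = [
    "permit ip 10.123.123.128 0.0.0.31 any",
    "permit ip 192.168.231.0 0.0.0.31 any",
]
UPDATED = ["deny ip host 10.123.123.141 any"] + ORIGINAL
# Constructed counter-example: the deny placed last never gets evaluated for .141.
APPENDED = ORIGINAL + ["deny ip host 10.123.123.141 any"]

if __name__ == "__main__":
    for name, acl in (("original", ORIGINAL), ("updated", UPDATED), ("appended", APPENDED)):
        for src in ("10.123.123.141", "10.123.123.140", "10.123.123.160"):
            print(name, src, evaluate(acl, src))
```

The appended variant is why the ACL had to be deleted and recreated on a router without rule line numbers: a deny added at the end sits behind the subnet permit and is never reached.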