Международная научно-техническая конференция «Практическое применение технических и цифровых технологий и их инновационных решений», татуфф, Фергана, 4 мая 2023 г

Download 6,64 Mb. Pdf ko'rish
bet	237/312
Sana	22.05.2024
Hajmi	6,64 Mb.
	#249488

1 ... 233 234 235 236 237 238 239 240 ... 312

Bog'liq
3 tom

Outbound ACLs

Inbound ACLs
- Incoming packets are processed before they are
routed to the outbound interface. An inbound ACL is efficient
because it saves the overhead of routing lookups if the packet is
discarded. If the packet is permitted by the ACL, it is then
processed for routing. Inbound ACLs are best used to filter packets
when the network attached to an inbound interface is the only
source of packets that need to be examined.

Outbound ACLs
- Incoming packets are routed to the outbound
interface, and then they are processed through the outbound ACL.
Outbound ACLs are best used when the same filter will be applied
to packets coming from multiple inbound interfaces before exiting
the same outbound interface.
Writing ACLs can be a complex task. For every interface there may be
multiple policies needed to manage the type of traffic allowed to enter or exit
that interface. The router in the figure has two interfaces configured for IPv4 and
IPv6. If we needed ACLs for both protocols, on both interfaces and in both
directions, this would require eight separate ACLs. Each interface would have
four ACLs; two ACLs for IPv4 and two ACLs for IPv6. For each protocol, one
ACL is for inbound traffic and one for outbound traffic.
Here are some guidelines for using ACLs:

Sun’iy intelekt, axborot xavfsizligi texnikasi va texnologiyalari
Международная научно-техническая конференция «Практическое применение технических и
цифровых технологий и их инновационных решений», ТАТУФФ, Фергана, 4 мая 2023 г.
473

Use ACLs in firewall routers positioned between your internal
network and an external network such as the Internet.

Use ACLs on a router positioned between two parts of your
network to control traffic entering or exiting a specific part of your
internal network.

Configure ACLs on border routers, that is, routers situated at the
edges of your networks. This provides a very basic buffer from the
outside network, or between a less controlled area of your own
network and a more sensitive area of your network.

Configure ACLs for each network protocol configured on the
border router interfaces.


Download 6,64 Mb.

1 ... 233 234 235 236 237 238 239 240 ... 312

Download 6,64 Mb.

Pdf ko'rish