My facebook blocking ACL has stopped working

Posted by Josh on Server Fault See other posts from Server Fault or by Josh
Published on 2012-11-02T15:44:24Z Indexed on 2012/11/14 17:05 UTC
Read the original article Hit count: 377

Filed under:
|
|
|

This probably very simple. This was setup before I arrived, and has been working to block facebook. I recently eliminated some static port forwarding on this 2691 (as in, I don't think anything else has changed), and now facebook is once again accessible.

Why is this list not doing what it seems like it should be doing (and was doing)? Would an extended outbound ACL be more appropriate (I think that would have been my thought if I had been tasked with creating this in the first place)? Something different?

I've included below what I believe are the relevant parts of the config.

interface FastEthernet0/0
 ip address my.pub.ip.add my.ip.add.msk
 ip access-group 1 in
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto

access-list 1 deny   69.171.224.0 0.0.31.255
access-list 1 deny   74.119.76.0 0.0.3.255
access-list 1 deny   204.15.20.0 0.0.3.255
access-list 1 deny   66.220.144.0 0.0.15.255
access-list 1 deny   69.63.176.0 0.0.15.255
access-list 1 permit any

ip nat inside source list 105 interface FastEthernet0/0 overload
access-list 105 deny   ip 192.168.0.0 0.0.0.255 192.168.8.0 0.0.0.255
access-list 105 permit ip 192.168.0.0 0.0.0.255 any
access-list 105 permit ip 192.168.1.0 0.0.0.255 any

EDIT

ACL is once again blocking Facebook. Here is the new definition for those interested...

access-list 1 deny   66.220.144.0 0.0.7.255
access-list 1 deny   66.220.152.0 0.0.7.255
access-list 1 deny   69.63.176.0 0.0.7.255
access-list 1 deny   69.63.176.0 0.0.0.255
access-list 1 deny   69.63.184.0 0.0.7.255
access-list 1 deny   69.171.224.0 0.0.15.255
access-list 1 deny   69.171.239.0 0.0.0.255
access-list 1 deny   69.171.240.0 0.0.15.255
access-list 1 deny   69.171.255.0 0.0.0.255
access-list 1 deny   74.119.76.0 0.0.3.255
access-list 1 deny   173.252.64.0 0.0.31.255
access-list 1 deny   173.252.70.0 0.0.0.255
access-list 1 deny   173.252.96.0 0.0.31.255
access-list 1 deny   204.15.20.0 0.0.3.255
access-list 1 permit any

© Server Fault or respective owner

Related posts about cisco

Related posts about router