I have been writing classes for the 2920 and 2930 switches. I'd like to be able to allow devices to respond to a TCP connection but not initiate one. What is the established flag? There isn't actually an established flag, so what does it do?
match tcp 0.0.0.0 255.255.255.255 10.0.0.0 0.255.255.255 established
I can do something to match the SYN flag and drop it, then allow all other IP, but that uses more resources and the 2920 is pretty resource constrained. If I could do what I want in one rule, I'd prefer it.
------------------------------
Chris Ross
------------------------------