"any any svc-dhcp permit" stops HTTP/HTTPS traffic?
I have a hardcoded public IP on my WAN interfaces, so I don't think I need to do anything with NAT or DHCP.
Based on the OP and response, I added this:
ip access-list stateless BLOCK-EXTERNAL
any any svc-ssh deny
any any svc-ftp deny
any any svc-ntp deny
any any any permit
!
interface-profile switching-profile "WANProfle"
access-vlan 99
native-vlan 99
!
interface vlan "99"
ip access-group in "BLOCK-EXTERNAL"
ip address xx.xx.xx.xx 255.255.255.252
!
and that has indeed blocked SSH. But my syslogs are showing httpd attempts from external addresses. Is there a svc-http, svc-https that could be added to the service deny list? Or would that block all web traffic through the switch? I certainly don't want that!
Thanks for your help!