Cisco IOS reflexive ACL


interface Cellular0
ip access-group public-inbound-packet-catcher in
ip access-group public-outbound-packet-listener out
!
ip access-list extended public-inbound-packet-catcher
remark -= icmp permits and denies =-
permit icmp any any net-unreachable
permit icmp any any host-unreachable
permit icmp any any port-unreachable
permit icmp any any packet-too-big
permit icmp any any administratively-prohibited
permit icmp any any source-quench
permit icmp any any ttl-exceeded
permit icmp any any echo-reply
deny icmp any any
permit tcp any any eq 1723
permit gre any any
permit udp any eq isakmp any eq isakmp
permit esp any any
remark -= allow ssh and dns =-
permit tcp any any eq 22 log
permit tcp any any eq www log
permit udp any eq domain any
remark -= returning traffic =-
evaluate outside-access-in-reflexive-temporary-list
deny ip any any log-input
!
ip access-list extended public-outbound-packet-listener
permit tcp any any reflect outside-access-in-reflexive-temporary-list timeout 3600
permit udp any any reflect outside-access-in-reflexive-temporary-list timeout 3600
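As an added illustration, not part of the original configuration, this Python model mimics what the `reflect`/`evaluate` pair above does: an outbound TCP or UDP flow matching public-outbound-packet-listener creates a mirrored temporary entry in outside-access-in-reflexive-temporary-list, and public-inbound-packet-catcher permits an inbound packet only if a static line matches or the packet is the exact reply 5-tuple of an entry that has not timed out. The addresses and ports are constructed, only the TCP/UDP lines are modelled (ICMP, GRE and ESP are left out), and the fixed expiry is a simplification of the idle timer IOS actually uses.

```python
# Added example, not from the page: a minimal model of the reflexive ACL
# configured above. ACL names come from the config; addresses, ports and the
# fixed (rather than idle) timeout are constructed simplifications.
REFLECT_TIMEOUT = 3600  # "timeout 3600" on the reflect entries

# Static permits of public-inbound-packet-catcher modelled here:
# (protocol, required source port or None, required destination port or None)
STATIC_INBOUND_PERMITS = [
    ("tcp", None, 1723),  # permit tcp any any eq 1723
    ("udp", 500, 500),    # permit udp any eq isakmp any eq isakmp
    ("tcp", None, 22),    # permit tcp any any eq 22 log
    ("tcp", None, 80),    # permit tcp any any eq www log
    ("udp", 53, None),    # permit udp any eq domain any
]

class ReflexiveAcl:
    """Temporary entries created by 'reflect' and consumed by 'evaluate'."""

    def __init__(self, name, timeout=REFLECT_TIMEOUT):
        self.name = name
        self.timeout = timeout
        self.entries = {}  # (proto, src, sport, dst, dport) -> expiry time

    def outbound(self, proto, src, sport, dst, dport, now):
        """public-outbound-packet-listener: a TCP/UDP flow leaving the interface
        adds a mirrored (reply-direction) temporary entry."""
        if proto in ("tcp", "udp"):
            self.entries[(proto, dst, dport, src, sport)] = now + self.timeout
        return "permit"

    def inbound(self, proto, src, sport, dst, dport, now):
        """public-inbound-packet-catcher: static permits, then 'evaluate', then deny."""
        for p, want_sport, want_dport in STATIC_INBOUND_PERMITS:
            if proto == p and want_sport in (None, sport) and want_dport in (None, dport):
                return "permit"
        key = (proto, src, sport, dst, dport)
        expiry = self.entries.get(key)
        if expiry is not None and now < expiry:
            return "permit"  # exact reply to a flow the inside host initiated
        self.entries.pop(key, None)  # expired entry is aged out
        return "deny"  # 'deny ip any any log-input'

def demo():
    """Inbound verdicts for a few constructed packets after one outbound HTTPS flow."""
    acl = ReflexiveAcl("outside-access-in-reflexive-temporary-list")
    acl.outbound("tcp", "10.0.0.5", 51000, "203.0.113.9", 443, now=1000)
    return [
        acl.inbound("tcp", "203.0.113.9", 443, "10.0.0.5", 51000, now=1010),   # reply: permit
        acl.inbound("tcp", "203.0.113.9", 443, "10.0.0.5", 51001, now=1010),   # other port: deny
        acl.inbound("tcp", "198.51.100.7", 40000, "10.0.0.5", 445, now=1010),  # unsolicited: deny
        acl.inbound("tcp", "198.51.100.7", 40000, "10.0.0.5", 22, now=1010),   # static line: permit
        acl.inbound("tcp", "203.0.113.9", 443, "10.0.0.5", 51000, now=4700),   # timed out: deny
    ]
```

The fourth case shows why the `permit tcp any any eq 22 log` line matters for review: it admits SSH from any source regardless of the reflexive entries, so the log keyword is what gives visibility into that exposure.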