Need Help Blocking Port 53

Similar Messages

• I need help blocking outgoing traffic.

  I need to block all outgoing traffic on port 8008 to a specific IP address. I have been told by the guys at the genius bar that this can be done but I can't make it happen. This is imperative to my work. I am currently being blacklisted by my web host every ten minutes because something which can't be identified on our network is probing our web hosts IP using port 8008. I know this can be done on other wireless routers but I can't find how to do it on my 802.11n Extreme. There are several advantages to the extreme and I would like to continue to use it but I can't if I can't block that port.
  Can someone please help me?

  That's completely stupid. Why on earth does apple even make a router if they are not capable of keeping it up to par with other routers on the market. I admit it has several neat features but they are useless if I can't use it. Guess I'll have to use a cheapo Netgear router. They will at least allow me to block a port if I so desire.

• HT201304 i need help blocking safari for explicit material for my iphone 4s. any ideas

  i really need help setting up a parental control of some kind on a iphone 4s for mt 12 year old son any help would be appreciated.

  You can't restrict Safari on the iPhone other than to turn it off.  My recommendation is that you turn it off in restrictions, then use an alternate browser from the app store that offers this capability, such as McGruff Safeguard Browser.

• Need Help on Port Blocking in ASA

  Dear All,
  I have configured firewall and allow only port 443 and deny all tcp ports for destination, but when i am scanning from port scanner it shows several tcp ports are enabled.. need your seuggestion and help on it.. how to block these tcp ports..
  Early response is required..
  Thanks

  Hi,
  Still don't know the ports that were supposedly open.
  Though if that is the ACL you have bound to the "outside" interface on the ASA then it should be blocking the connections through the ASA for everything else other than the TCP/443 for a single destination IP address.
  Then there is naturally the ASAs own services and ports on which its listening on.
  You can check that with the following command
  show asp table socket
  Most likely the ports that are open on the ASA are the ones used for management purposes perhaps
  Those set with the following commands
  telnet
  ssh
  http
  You also have the option to create an ACL that blocks all traffic to the ASA "outside" interface IP address. You can then attach it with "access-group" command
  access-group in interface outside control-plane
  This would limit the "To the Box" traffic. Though the above mentioned management commands "telnet", "ssh" and "http" would still override this ACL.
  - Jouni

• Need Help Blocking Xbox Live Ports on ES4200

  Can someone instruct me on best method for blocking access to Xbox Live on my ES4200? I want to prevent my niece/nephew from hogging bandwidth and/or limit/restrict their usage.  Please advise.
  Thank you,
  Nicky

  Hi Nicky, is your router E4200 or ES4200? If your Xbox is connected wirelessly, all you need to do is access the setup page of the router. Look for this page http://ui.linksys.com/files/E4200/1.0.00/Status_Lan.html and click the DHCP client table option.
  You will find the MAC address of your Xbox on the list, just take note of it and go this tab on the page http://ui.linksys.com/files/E4200/1.0.00/Wireless_MAC1.html. Once you're there, enable the Wireless Mac Filter and select the option Prevent. Input the Mac address of the Xbox on the list and make sure to save the settings. Hope this will help you. Update us!

• Need help with port mapping on Airport Utility 6.1

  Ive been trying to port map on my TC with Airport Utility 6.1 and failing miserably. Port still closed. Can anyone advise where Im going wrong? Am trying to set up my home camera to be viewed outside.
  I managed to key in the ports etc under Network and Port Settings. But nothing works. I'm tearing my hair out.
  Any suggestions to try would be helpful.
  Thanks

  Use the 5.6 utility.. it is much easier and I think works better.. although you cannot load 5.6 directly into 10.8 the version for Lion actually works fine.
  Download 5.6.
  http://support.apple.com/kb/DL1482
  Download unpkg
  http://www.macupdate.com/app/mac/16357/unpkg
  Open the AU 5.6 dmg and drag the pkg over the open unpkg.. it will create the directory on the desktop. You can either run it from there or drag the utility to your utilties directory.
  Take screen shots of each step. Post them here.
  That way we can tell you where it has gone wrong.
  What port exactly does the camera need open?
  How are you connecting remotely?
  ie do you have a fixed public IP?? If not how are you getting IP?
  Is the TC the only router in the network.. it is irrelevant unless the TC is the one and only router.

• Need help identifying ports needed to access a website.

  I am trying to access the following site:
  Interactive mapping | City of Lawrence, Kansas
  At the bottom of the page is a button that states "I agree with the above disclaimer".
  When I press that button, I am redirected to this site:
  http://ims03.ci.lawrence.ks.us:10002/iisstart.htm
  I have added these rules:
  Source Interface: All
  Destination Interface: Public Interface
  Packet Type: MapSite Out
  Protocol: TCP
  Source Port: 1024-65535
  Destination Port: 10002
  Source Address: All
  Destination Address: 208.191.35.52
  Source Interface: All
  Destination Interface: Public Interface
  Packet Type: MapSite In
  Protocol: TCP
  Source Port: 10002
  Destination Port: 1024-65535
  Source Address: 208.191.35.52
  Destination Address: All
  I get a "Loading the viewer" text message, but then eventually get a 504 Gateway TimeOut error.
  If I drop the BorderManager Firewall...
  unload ipflt
  unload ipxflt
  unload filtserv
  then the site works just fine.
  I just can't seem to get the filter exceptions correct for this site.
  Any help would be appreciated.

  In article <[email protected]>, Cadd wrote:
  > Source Interface: All
  > Destination Interface: Public Interface
  > Packet Type: MapSite Out
  > Protocol: TCP
  > Source Port: 1024-65535
  > Destination Port: 10002
  > Source Address: All
  > Destination Address: 208.191.35.52
  >
  This looks good. TCP packets with dest. Port 10002 will be allowed to
  pass through BM only if they go from the private to the public
  interface, and only if they are addressed to 208.191.35.52. So far so
  good, but since you made this non-stateful, you have to add a return
  exception. (Easier for you to make another exception, like '10002-st'
  and just enable the stateful feature on it).
  Your goal in the next exception is to allow the replies to these
  outbound packets. Everything will be reversed in the exception for the
  replies - interfaces, ports and addresses.
  > Source Interface: All
  > Destination Interface: Public Interface
  > Packet Type: MapSite In
  > Protocol: TCP
  > Source Port: 10002
  > Destination Port: 1024-65535
  > Source Address: 208.191.35.52
  > Destination Address: All
  >
  This one is the problem. It only allows the 10002 replies (source
  port) from 208.191.35.52 if the reply is passing through the public
  interface second. You did not reverse the interfaces. The packet
  needs to go from public to private (or public to all if you have more
  than one private interface). This exception is not allowing the return
  in, which you would see if you have filter debug enabled looking at tcp
  discards. You would see ACK packets with source port 10002 being
  discarded.
  Craig Johnson
  Novell Support Connection SysOp
  *** For a current patch list, tips, handy files and books on
  BorderManager, go to http://www.craigjconsulting.com ***

• NEED HELP BLOCKING A CALL

  I keep getting a call from a 9 digit number, call doesn't come through but phone rings until I answer, can't block it because it's only 9 numbers, please help ! They are waking me, annoying me, getting very frustrated, can't get in touch w/Verizon people !

      That sounds very annoying lluscher! Please try tapping the i in the circle on the right side of that number from your call log, then scroll down and tap block number. This has worked for me with any number. I have the latest iOS version 7.1, if you don't have this version please update your software and then try the above steps. Keep us posted.
  AntonioC_VZW
  Follow us on Twitter at www.twitter.com/VZWSupport

• Need help adding ports to my router.

  I have a Linksys WRT54GS Router. I am having an issue with Xbox Live and I was told by Xbox customer support to add the ports UDP 88, UDP 3674, and TCP 3074. The problem is is that I have no idea how to do this. I am at the Applications & Gaming tab of the Router page (192.168.1.1), I just don't know where to put the numbers. Any help is greatly appreciated.

  First, setup up a static IP address on the XBOX. I can't tell you how to do that. Check the manual. Currently the XBOX is probably on "automatic IP address" or "DHCP" or whatever they have called it. Set up a static IP address and use these numbers on the XBOX:
  IP Address 192.168.1.50
  Subnet Mask 255.255.255.0
  Default Gateway 192.168.1.1
  DNS 192.168.1.1
  If the XBOX has some Status pages to check the current IP address verify that you have those values after the change. Also verify you have a working internet connection on the XBOX.
  Now the port forwarding. I assume it looks something like this demo UI. For port UDP 88 enter
  Application udp88
  Start 88
  End 88
  Protocol UDP
  IP address 192.168.1.50
  Enable SET
  Do similar with all other ports. The application name is only a descriptive text for you. You can enter anything you like, but keep it short and simple and don't use special characters in the name. The above "udp88" is O.K.
  Don't forget to save the settings at the end.

• Need help: wired ports cycling (no, 10M, 100M)...

  I ahve the WRTP54G purchased as part of a Vonage package. Has been working great for last 7 months. Just recently, I had an issue with a laptop wired connection, where all of the 4 wired ports cycle about 2-3 seconds through no connect, 10M, 100M. I've tried the laptop & CAT-5 (short) cable on another router and it works fine. Also, I have no problems with the wireless access port from another laptop. ANsd, no issues with the Vonage phone port. I've tried power down as well as the reset button and no change. Accessing the admin page, I don't see anything related to ENET port changes/configs to try. Anyone seen this and have any suggestions? Last resort I'll get a replacement (does anyone know the warranty period?) Thanks!

  Acabanave Thanks for the suggestion, tried a different computer, same results. I'll check on the firmware. When I looked into this before, it was at the latest version. Since this is a Vonage-based router, I don't believe I have access for firmware updates without them pushing it. I'll bet I have "bum" HW for these ports (I was trying to remember if we had any t-storms in the area before it went out, but I don't think so...I lost a previous Linksys box due to lightning. I have a heavy-duty surge suppressor on the cable and power lines...but you never know about mother nature :-) Guess I need to check the warranty period on the box. I've had it since August with no issues until now.

• Need help blocking poker website

  is there any programs that will stop websites like party poker from popping up, i use safari and chrome to browse the internet, and when i think i've blocked these sites they pop up. Any help would be much appreciated
  Frank

  That's ok. Just wanted to make sure.
  From your Safari menu bar click Safari / Block Pop-Up Windows.
  See if that helps.
  If not, try GlimmerBlocker. It's now compatible with v10.7 and free.
  http://glimmerblocker.org/
  I've had good luck with GlimmerBlocker for several years. You can access the settings from System Preferences / Other / Glimmer Blocker.

• Need help with port forwarding an Avtech DVR

  For some reason I can't get my Avtech DVR to work on my android phone on Avtech's Eagle Eyes app.
  The camera/dvr comes up on wifi, but not on 4g. I am trying to get the port forwarding to work, but its not working. It says the ip address is not accesible.
  The port for the dvr is 80. This is what I have. I thought it was correct?
   I have a Westell 9100EM router.
  Solved!
  Go to Solution.

  Thought I'd post an update to this. I fixed it. I had to change ports on my dvr.

• Need help with porting from Java 1.1 to 1.4

  One of our applications is an applet and we're in the
  process of upgrading it's version of Java from 1.1 to 1.4. For the most part,the upgrade has gone smoothly, but we are having two big problems. The first problem is that the list objects on one of the windows resize when a mouse event occurs on the Tabbed Panel it sits on. The list object is made from a Symantec class called MultiList. The list actually shrinks so that the data on it can hardly be seen.
  The other problem is that when dispose() is called on all of the windows, an IllegalStateException: Cannot dispose InputContext while its active error occurs.

  If you people have nothing good to say, please do the
  rest of us in the forum(s) a favor and don't say
  anything at all.
  Also, do not assume that threads are posted because
  people are lazy and haven't researched their
  problem(s).
  People post threads in these forums looking for help,
  not abuse.What are you talking about?
  If the original poster disregarded my advice and searched the bug database as indicated, they would have found the answer to their question. I know. I had the same problem and solved it by using the workaround I found in the bug database.
  I would say it was very helpful advice.

• Need help w/ setting up ports to run a server for America's Army

  Need help w/ setting up ports to run a server for America's Army. I read wat u need to change the ports but i dont understand wat to put. here is wat the site says
  Q: How do I run my own server?
  A: Quick and dirty server info:
  1. Edit RunServer.bat to change the map.
  2. Run RunServer.bat
  Or:
  server.exe LAN MAPNAME.aao (Host a LAN game)
  server.exe global MAPNAME.aao (Host a Public game)
  Also: When you create a server setup and want to allow other users to join your server, you need make sure the following ports are open for outgoing and incoming traffic in your firewall: 1716 (UDP), 1717 (UDP), 20025-20045 (TCP), and 20047 (TCP). Failure to open these ports will prevent the server from accepting connections from other players or prevent other players from being able to see your server online.
  There are several settings that also need to be defined in your server configuration INI file (in the Windows version, these files are located in “My Documents\America’s Army Server Settings\{settings file name}.ini”).
  [Engine.GameEngine]
  ServerActors=Andromeda.AndromedaMBS
  [Andromeda.Andromeda]
  GameServerIp=
  Make sure that you set the actual IP address of the America’s Army Server under GameServerIp= (for example, “GameServerIp=000.000.000.000”). The supplied address must be your actual internet IP address, if this is left blank or you supply the IP address for your internal network (such as 192.168.0.x), your server will not be able to accept connections from the internet.
  If your server.ini file contains the setting shown below, please change the QueryPort setting to 20025. This setting can also be removed, as the default setting is port 20025.
  [Andromeda.AndromedaMBS]
  QueryPort=20025
  Punkbuster user fix correction.
  If [Engine.GameEngine] block has been changed to read as below:
  [Engine.GameEngine]
  ServerActors=IPDrv.AndromedaMBS
  Please add the following block to your INI file:
  [IpDrv.AndromedaMBS]
  QueryPort=20025
  (Last Updated: 2006-04-20)

  Your images are not stored in the catalog. They are stored in folders on your computer. If you imported images that were already on your computer using the "Add" Option they are still in that same folder. If you imported images from your camera then they are in the folders that you specified when you imported. The catalog points to those images wherever they are located, and records all of the adjustments that you make to the image. When you send an image to Photoshop for further editing and save that image in Photoshop, it is normally saved back in the same folder as the original image.
  Images are not "saved" in Lightroom. The basic default workflow in Lightroom is to store all of the adjustments in the catalog, leaving the original image completely unmodified. The catalog becomes the central controlling mechanism. It is a database that contains pointers to where the images are located and a record of all adjustments made to those images using Lightroom. Properly managed, you only have those original master files and secondary files for the ones that you have sent to Photoshop for further adjustment. When you want to provide a copy for someone else, you use the export dialogue for that purpose. I often export JPEG images to share with others or to post on the web. After I have usedthe JPEG for its intended purpose I delete it.

• Need help with ASA 5512 and SQL port between DMZ and inside

  Hello everyone,
  Inside is on gigabitEthernet0/1 ip 192.9.200.254
  I have a dmz on gigabitEthernet2 ip 192.168.100.254
  I need to pass port 443 from outside to dmz ip 192.168.100.80 and open port 1433 from 192.168.100.80 to the inside network. 
  I believe this will work for port 443:
  object network dmz
  subnet 192.168.100.0 255.255.255.0
  object network webserver
  host 192.168.100.80
  object network webserver
  nat (dmz,outside) static interface service tcp 443 443
  access-list Outside_access_in extended permit tcp any object webserver eq 443
  access-group Outside_access_in in interface Outside
  However...How would I open only port 1433 from dmz to inside?
  At the bottom of this message is my config if it helps.
  Thanks,
  John Clausen
  Config:
  : Saved
  ASA Version 9.1(2) 
  hostname ciscoasa-gcs
  domain-name router.local
  enable password f4yhsdf.4sadf977 encrypted
  passwd f4yhsdf.4sadf977 encrypted
  names
  ip local pool vpnpool 192.168.201.10-192.168.201.50
  interface GigabitEthernet0/0
   nameif outside
   security-level 0
   ip address 123.222.222.212 255.255.255.224 
  interface GigabitEthernet0/1
   nameif inside
   security-level 100
   ip address 192.9.200.254 255.255.255.0 
  interface GigabitEthernet0/2
   nameif dmz
   security-level 100
   ip address 192.168.100.254 255.255.255.0 
  interface GigabitEthernet0/3
   shutdown
   no nameif
   no security-level
   no ip address
  interface GigabitEthernet0/4
   shutdown
   no nameif
   no security-level
   no ip address
  interface GigabitEthernet0/5
   shutdown
   no nameif
   no security-level
   no ip address
  interface Management0/0
   management-only
   nameif management
   security-level 100
   ip address 192.168.1.1 255.255.255.0 
  ftp mode passive
  dns server-group DefaultDNS
   domain-name router.local
  object network inside-subnet
   subnet 192.9.200.0 255.255.255.0
  object network netmotion
   host 192.9.200.6
  object network inside-network
   subnet 192.9.200.0 255.255.255.0
  object network vpnpool
   subnet 192.168.201.0 255.255.255.192
  object network NETWORK_OBJ_192.168.201.0_26
   subnet 192.168.201.0 255.255.255.192
  object network NETWORK_OBJ_192.9.200.0_24
   subnet 192.9.200.0 255.255.255.0
  access-list outside_access_in extended permit icmp any4 any4 log disable 
  access-list Outside_access_in extended permit udp any object netmotion eq 5020 
  access-list split standard permit 192.9.200.0 255.255.255.0 
  access-list VPNT_splitTunnelAcl standard permit 192.9.200.0 255.255.255.0 
  pager lines 24
  logging asdm informational
  mtu outside 1500
  mtu inside 1500
  mtu management 1500
  mtu dmz 1500
  icmp unreachable rate-limit 1 burst-size 1
  no asdm history enable
  arp timeout 14400
  no arp permit-nonconnected
  nat (inside,outside) source static inside-network inside-network destination static vpnpool vpnpool
  nat (inside,outside) source static NETWORK_OBJ_192.9.200.0_24 NETWORK_OBJ_192.9.200.0_24 destination static NETWORK_OBJ_192.168.201.0_26 NETWORK_OBJ_192.168.201.0_26 no-proxy-arp route-lookup
  object network netmotion
   nat (inside,outside) static interface service udp 5020 5020 
  nat (inside,outside) after-auto source dynamic any interface
  access-group Outside_access_in in interface outside
  route outside 0.0.0.0 0.0.0.0 123.222.222.1 1
  timeout xlate 3:00:00
  timeout pat-xlate 0:00:30
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  timeout floating-conn 0:00:00
  dynamic-access-policy-record DfltAccessPolicy
  user-identity default-domain LOCAL
  http server enable
  http 192.168.1.0 255.255.255.0 management
  http 192.9.200.0 255.255.255.0 inside
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
  crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac 
  crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac 
  crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac 
  crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac 
  crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac 
  crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac 
  crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac 
  crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac 
  crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac 
  crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac 
  crypto ipsec security-association pmtu-aging infinite
  crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group5
  crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
  crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
  crypto map outside_map interface outside
  crypto ca trustpool policy
  crypto ikev1 enable outside
  crypto ikev1 policy 10
   authentication crack
   encryption aes-256
   hash sha
   group 2
   lifetime 86400
  crypto ikev1 policy 20
   authentication rsa-sig
   encryption aes-256
   hash sha
   group 2
   lifetime 86400
  crypto ikev1 policy 30
   authentication pre-share
   encryption aes-256
   hash sha
   group 2
   lifetime 86400
  crypto ikev1 policy 40
   authentication crack
   encryption aes-192
   hash sha
   group 2
   lifetime 86400
  crypto ikev1 policy 50
   authentication rsa-sig
   encryption aes-192
   hash sha
   group 2
   lifetime 86400
  crypto ikev1 policy 60
   authentication pre-share
   encryption aes-192
   hash sha
   group 2
   lifetime 86400
  crypto ikev1 policy 70
   authentication crack
   encryption aes
   hash sha
   group 2
   lifetime 86400
  crypto ikev1 policy 80
   authentication rsa-sig
   encryption aes
   hash sha
   group 2
   lifetime 86400
  crypto ikev1 policy 90
   authentication pre-share
   encryption aes
   hash sha
   group 2
   lifetime 86400
  crypto ikev1 policy 100
   authentication crack
   encryption 3des
   hash sha
   group 2
   lifetime 86400
  crypto ikev1 policy 110
   authentication rsa-sig
   encryption 3des
   hash sha
   group 2
   lifetime 86400
  crypto ikev1 policy 120
   authentication pre-share
   encryption 3des
   hash sha
   group 2
   lifetime 86400
  crypto ikev1 policy 130
   authentication crack
   encryption des
   hash sha
   group 2
   lifetime 86400
  crypto ikev1 policy 140
   authentication rsa-sig
   encryption des
   hash sha
   group 2
   lifetime 86400
  crypto ikev1 policy 150
   authentication pre-share
   encryption des
   hash sha
   group 2
   lifetime 86400
  telnet 192.9.200.0 255.255.255.0 inside
  telnet timeout 5
  ssh timeout 5
  ssh key-exchange group dh-group1-sha1
  console timeout 0
  dhcpd address 192.168.1.2-192.168.1.254 management
  dhcpd enable management
  threat-detection basic-threat
  threat-detection statistics access-list
  no threat-detection statistics tcp-intercept
  ssl encryption aes128-sha1 3des-sha1
  webvpn
   enable outside
   anyconnect image disk0:/anyconnect-win-2.5.2014-k9.pkg 2 regex "Windows NT"
   anyconnect image disk0:/anyconnect-macosx-i386-2.5.2014-k9.pkg 3 regex "Intel Mac OS X"
   anyconnect enable
   tunnel-group-list enable
  group-policy SSLVPN internal
  group-policy SSLVPN attributes
   dns-server value 192.9.200.13
   vpn-tunnel-protocol ssl-client 
   split-tunnel-policy tunnelspecified
   split-tunnel-network-list value split
   default-domain value router.local
  group-policy VPNT internal
  group-policy VPNT attributes
   dns-server value 192.9.200.13
   vpn-tunnel-protocol ikev1 l2tp-ipsec 
   split-tunnel-policy tunnelspecified
  split-tunnel-network-list value VPNT_splitTunnelAcl
   default-domain value router.local
  username grimesvpn password 7.wersfhyt encrypted
  username grimesvpn attributes
   service-type remote-access
  tunnel-group SSLVPN type remote-access
  tunnel-group SSLVPN general-attributes
   address-pool vpnpool
   default-group-policy SSLVPN
  tunnel-group SSLVPN webvpn-attributes
   group-alias SSLVPN enable
  tunnel-group VPNT type remote-access
  tunnel-group VPNT general-attributes
   address-pool vpnpool
   default-group-policy VPNT
  tunnel-group VPNT ipsec-attributes
   ikev1 pre-shared-key *****
  class-map inspection_default
   match default-inspection-traffic
  policy-map type inspect dns preset_dns_map
   parameters
    message-length maximum client auto
    message-length maximum 512
  policy-map global_policy
   class inspection_default
    inspect dns preset_dns_map 
    inspect ftp 
    inspect h323 h225 
    inspect h323 ras 
    inspect rsh 
    inspect rtsp 
    inspect esmtp 
    inspect sqlnet 
    inspect skinny  
    inspect sunrpc 
    inspect xdmcp 
    inspect sip  
    inspect netbios 
    inspect tftp 
    inspect ip-options 
    inspect icmp 
  service-policy global_policy global
  prompt hostname context 
  no call-home reporting anonymous
  Cryptochecksum:36271b5a1b9382621e14c3aa635e2fbb
  : end

  Hi Vibor. Apologies if my comment was misunderstood.  What I meant to say was that the security level of the dmz interface should probably be less than 100. 
  And therefore traffic could be controlled between DMZ and inside networks. 
  As per thr security level on the DMZ interface. ....... that command is correct. :-)