North American Network Operators Group


Re: RFC1918 conformance

  • From: Andrew Partan
  • Date: Mon Feb 10 19:42:13 1997

My standard in & out route filters are attached.
Everyone should use something like this.
	[email protected] (Andrew Partan)

! This list is used to block bogon routes to/from peers.
! Deny martian routes
no access-list 180
! 0/anything
access-list 180 deny   ip host 0.0.0.0 any
! 127/8 & longer
access-list 180 deny   ip 127.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
! The private use nets
access-list 180 deny   ip 10.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
access-list 180 deny   ip 172.16.0.0 0.15.255.255 255.240.0.0 0.15.255.255
access-list 180 deny   ip 192.168.0.0 0.0.255.255 255.255.0.0 0.0.255.255
! Test net
access-list 180 deny   ip 192.0.2.0 0.0.0.255 255.255.255.0 0.0.0.255
! 1st and last classical B and C nets (guard nets).
access-list 180 deny   ip 128.0.0.0 0.0.255.255 255.255.0.0 0.0.255.255
access-list 180 deny   ip 191.255.0.0 0.0.255.255 255.255.0.0 0.0.255.255
access-list 180 deny   ip 192.0.0.0 0.0.0.255 255.255.255.0 0.0.0.255
access-list 180 deny   ip 223.255.255.0 0.0.0.255 255.255.255.0 0.0.0.255
! All multicast routes - the router now does this itself, but it didn't
! at one point.....
access-list 180 deny   ip 224.0.0.0 31.255.255.255 224.0.0.0 31.255.255.255
! Block all routes with a mask longer than /24
access-list 180 deny   ip any 255.255.255.128 0.0.0.127
access-list 180 permit ip any any
- - - - - - - - - - - - - - - - -
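
When an extended access list like the one above is applied to routing updates, the first address/wildcard pair of each entry is compared with the route's prefix and the second pair with its netmask. The Python below is an added example, not part of the original message: it transcribes access-list 180 and reports which entry decides a given route. The function names and the sample routes are constructed for illustration.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")   # IOS "any"; "host a.b.c.d" is wildcard 0.0.0.0

# (action, prefix addr, prefix wildcard, mask addr, mask wildcard), in list order
ACL_180 = [
    ("deny", "0.0.0.0", "0.0.0.0", *ANY),
    ("deny", "127.0.0.0", "0.255.255.255", "255.0.0.0", "0.255.255.255"),
    ("deny", "10.0.0.0", "0.255.255.255", "255.0.0.0", "0.255.255.255"),
    ("deny", "172.16.0.0", "0.15.255.255", "255.240.0.0", "0.15.255.255"),
    ("deny", "192.168.0.0", "0.0.255.255", "255.255.0.0", "0.0.255.255"),
    ("deny", "192.0.2.0", "0.0.0.255", "255.255.255.0", "0.0.0.255"),
    ("deny", "128.0.0.0", "0.0.255.255", "255.255.0.0", "0.0.255.255"),
    ("deny", "191.255.0.0", "0.0.255.255", "255.255.0.0", "0.0.255.255"),
    ("deny", "192.0.0.0", "0.0.0.255", "255.255.255.0", "0.0.0.255"),
    ("deny", "223.255.255.0", "0.0.0.255", "255.255.255.0", "0.0.0.255"),
    ("deny", "224.0.0.0", "31.255.255.255", "224.0.0.0", "31.255.255.255"),
    ("deny", *ANY, "255.255.255.128", "0.0.0.127"),
    ("permit", *ANY, *ANY),
]

def _as_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def _match(value, addr, wildcard):
    # Wildcard bits set to 1 are "don't care"; every other bit must be equal.
    return ((value ^ _as_int(addr)) & ~_as_int(wildcard) & 0xFFFFFFFF) == 0

def evaluate(route):
    """Return (action, entry number) for a route written as 'a.b.c.d/len'."""
    net = ipaddress.IPv4Network(route)   # raises ValueError if host bits are set
    prefix, mask = int(net.network_address), int(net.netmask)
    for number, (action, p_addr, p_wild, m_addr, m_wild) in enumerate(ACL_180, 1):
        if _match(prefix, p_addr, p_wild) and _match(mask, m_addr, m_wild):
            return action, number
    return "deny", None                  # implicit deny that ends every access list

if __name__ == "__main__":
    # Constructed sample routes, not taken from any real routing table.
    for r in ("0.0.0.0/0", "10.1.0.0/16", "172.32.0.0/16",
              "198.51.100.0/24", "198.51.100.0/25", "224.0.0.0/4"):
        print(f"{r:18} {evaluate(r)}")
```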