North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Filtering Source Addresses on gw-internet
-----BEGIN PGP SIGNED MESSAGE----- At 03:05 PM 8/12/97 -0400, C. Jon Larsen wrote: >gw-internet#show access-lists 120 >Extended IP access list 120 > deny ip any 10.0.0.0 0.255.255.255 log > deny ip any 172.16.0.0 0.0.255.255 log > deny ip any 172.17.0.0 0.0.255.255 log > deny ip any 192.168.0.0 0.0.255.255 log > permit ip a.b.c.0 0.0.0.255 any (27429 matches) > deny ip any any log Line 2 and 3 could be replaced by deny ip any 172.16.0.0 0.15.255.255 log which would block all 172.16.0.0-172.31.0.0 as per the RFC. You might also want to block 127.0.0.0. GK -----BEGIN PGP SIGNATURE----- Version: PGP for Personal Privacy 5.0 Charset: noconv iQEVAwUBM/DBxW384++etaQJAQGlwAgAoVjoB5EZCaYjzvmwWaVeO5zOPTipegDE 0TX2Xg2L5yIClAeiWD4f0T4E4jCH5BtSwoitlu9fcHlsPo4VRwOutQssIJHL+sUR Ps1NEot6pwOu+slCwklLhqVwyouv0UHI0Fxal5aCM65X+WNH8+5HvE9g4uBQp8A6 o6HzM++69FKwg8pdQ82HNnjToVZxsqwH41HNSHC0HjLvJG+uZPBFlzLEdnvkNSRg fikSERpnZAa+QzpTRjtTcK3XC2DEYGAi0wifn9mbyRav9xenzvNl+rUV5Fg/jbFS jDFhiLFJc/7o3Y5+9HoA9keBEqeFMle86BGjX09C1FKLtPnVhTwSpQ== =ZNYx -----END PGP SIGNATURE-----
|