North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Filtering Source Addresses on gw-internet
Sorry for the delay. I am in all-day meetings through the end of the week. If Null0 were a standard interface I would say "yes, definitely a better method". But since it isn't, I am not sure. I will try to find out and post tomorrow night (unless someone else from cisco (or formerly from cisco) pops up the answer first. GK >Date: Wed, 13 Aug 1997 06:46:58 -0400 (EDT) >From: "C. Jon Larsen" <[email protected]> >To: Greg Ketell <[email protected]> >cc: [email protected] >Subject: Re: Filtering Source Addresses on gw-internet > >Much thanks to everyone for their input. Greg, since you have "Cisco" in your >email address, any comment on whether sending packets to a null interface is a >quicker / more efficient way blocking unwanted traffic ? gw-internet is a >little old 68030, with 1MB RAM. > >> -----BEGIN PGP SIGNED MESSAGE----- >> >> At 03:05 PM 8/12/97 -0400, C. Jon Larsen wrote: >> >gw-internet#show access-lists 120 >> >Extended IP access list 120 >> > deny ip any 10.0.0.0 0.255.255.255 log >> > deny ip any 172.16.0.0 0.0.255.255 log >> > deny ip any 172.17.0.0 0.0.255.255 log >> > deny ip any 192.168.0.0 0.0.255.255 log >> > permit ip a.b.c.0 0.0.0.255 any (27429 matches) >> > deny ip any any log >> >> Line 2 and 3 could be replaced by >> deny ip any 172.16.0.0 0.15.255.255 log >> >> which would block all 172.16.0.0-172.31.0.0 as per the RFC. >> >> You might also want to block 127.0.0.0. >> >> GK >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP for Personal Privacy 5.0 >> Charset: noconv >> >> iQEVAwUBM/DBxW384++etaQJAQGlwAgAoVjoB5EZCaYjzvmwWaVeO5zOPTipegDE >> 0TX2Xg2L5yIClAeiWD4f0T4E4jCH5BtSwoitlu9fcHlsPo4VRwOutQssIJHL+sUR >> Ps1NEot6pwOu+slCwklLhqVwyouv0UHI0Fxal5aCM65X+WNH8+5HvE9g4uBQp8A6 >> o6HzM++69FKwg8pdQ82HNnjToVZxsqwH41HNSHC0HjLvJG+uZPBFlzLEdnvkNSRg >> fikSERpnZAa+QzpTRjtTcK3XC2DEYGAi0wifn9mbyRav9xenzvNl+rUV5Fg/jbFS >> jDFhiLFJc/7o3Y5+9HoA9keBEqeFMle86BGjX09C1FKLtPnVhTwSpQ== >> =ZNYx >> -----END PGP SIGNATURE----- >> >> > > >Linux. > >+-------------------+---------------------+ >| C. Jon Larsen | [email protected] | >| Systems Engineer | Tel: 804.353.2800 | >| A&J Technologies | | >|-------------------+---------------------| >| http://www.ajtech.com | >+-----------------------------------------+ > > >
|