Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: RFC1918 conformance

  • From: Andrew Partan
  • Date: Mon Feb 10 19:42:13 1997

My standard in & out route filters are attached.
Everyone should use something like this.
	--asp@partan.com (Andrew Partan)

! This list is used to block bogon routes to/from peers.
! Deny martian routes
no access-list 180
! 0/anything
access-list 180 deny   ip host 0.0.0.0 any
! 127/8 & longer
access-list 180 deny   ip 127.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
! The private use nets
access-list 180 deny   ip 10.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
access-list 180 deny   ip 172.16.0.0 0.15.255.255 255.240.0.0 0.15.255.255
access-list 180 deny   ip 192.168.0.0 0.0.255.255 255.255.0.0 0.0.255.255
! Test net
access-list 180 deny   ip 192.0.2.0 0.0.0.255 255.255.255.0 0.0.0.255
! 1st and last classical B and C nets (guard nets).
access-list 180 deny   ip 128.0.0.0 0.0.255.255 255.255.0.0 0.0.255.255
access-list 180 deny   ip 191.255.0.0 0.0.255.255 255.255.0.0 0.0.255.255
access-list 180 deny   ip 192.0.0.0 0.0.0.255 255.255.255.0 0.0.0.255
access-list 180 deny   ip 223.255.255.0 0.0.0.255 255.255.255.0 0.0.0.255
! All multicast routes - the router now does this itself, but it didn't
! at one point.....
access-list 180 deny   ip 224.0.0.0 31.255.255.255 224.0.0.0 31.255.255.255
! Block all routes with a mask longer than /24,
access-list 180 deny   ip any 255.255.255.128 0.0.0.127
access-list 180 permit ip any any
- - - - - - - - - - - - - - - - -




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.