Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Filtering Source Addresses on gw-internet

  • From: Greg Ketell
  • Date: Thu Aug 14 01:50:39 1997

Sorry for the delay.  I am in all-day meetings through the end
of the week.

If Null0 were a standard interface I would say "yes, definitely
a better method".  But since it isn't, I am not sure.  I will
try to find out and post tomorrow night (unless someone else
from cisco (or formerly from cisco) pops up the answer first.

GK

>Date: Wed, 13 Aug 1997 06:46:58 -0400 (EDT)
>From: "C. Jon Larsen" <jlarsen@ajtech.com>
>To: Greg Ketell <gketell@cisco.com>
>cc: nanog@merit.edu
>Subject: Re: Filtering Source Addresses on gw-internet
>
>Much thanks to everyone for their input. Greg, since you have
"Cisco" in your 
>email address, any comment on whether sending packets to a null
interface is a
>quicker / more efficient way blocking unwanted traffic ?
gw-internet is a
>little old 68030, with 1MB RAM.
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> 
>> At 03:05 PM 8/12/97 -0400, C. Jon Larsen wrote:
>> >gw-internet#show access-lists 120
>> >Extended IP access list 120
>> >    deny   ip any 10.0.0.0 0.255.255.255 log
>> >    deny   ip any 172.16.0.0 0.0.255.255 log
>> >    deny   ip any 172.17.0.0 0.0.255.255 log
>> >    deny   ip any 192.168.0.0 0.0.255.255 log
>> >    permit ip a.b.c.0 0.0.0.255 any (27429 matches)
>> >    deny   ip any any log
>> 
>> Line 2 and 3 could be replaced by
>> deny ip any 172.16.0.0 0.15.255.255 log
>> 
>> which would block all 172.16.0.0-172.31.0.0 as per the RFC.
>> 
>> You might also want to block 127.0.0.0.
>> 
>> GK
>> 
>> -----BEGIN PGP SIGNATURE-----
>> Version: PGP for Personal Privacy 5.0
>> Charset: noconv
>> 
>>
iQEVAwUBM/DBxW384++etaQJAQGlwAgAoVjoB5EZCaYjzvmwWaVeO5zOPTipegDE
>>
0TX2Xg2L5yIClAeiWD4f0T4E4jCH5BtSwoitlu9fcHlsPo4VRwOutQssIJHL+sUR
>>
Ps1NEot6pwOu+slCwklLhqVwyouv0UHI0Fxal5aCM65X+WNH8+5HvE9g4uBQp8A6
>>
o6HzM++69FKwg8pdQ82HNnjToVZxsqwH41HNSHC0HjLvJG+uZPBFlzLEdnvkNSRg
>>
fikSERpnZAa+QzpTRjtTcK3XC2DEYGAi0wifn9mbyRav9xenzvNl+rUV5Fg/jbFS
>> jDFhiLFJc/7o3Y5+9HoA9keBEqeFMle86BGjX09C1FKLtPnVhTwSpQ==
>> =ZNYx
>> -----END PGP SIGNATURE-----
>> 
>> 
>
>
>Linux.
>
>+-------------------+---------------------+
>| C. Jon Larsen     | jlarsen@ajtech.com  |
>| Systems Engineer  | Tel: 804.353.2800   |
>| A&J Technologies  |                     |
>|-------------------+---------------------|
>|         http://www.ajtech.com           |
>+-----------------------------------------+
>
>
>




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.