Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Network Operators and smurf

  • From: Christopher Neill
  • Date: Sun Apr 26 15:59:34 1998

On Fri, Apr 24, 1998 at 06:39:28PM -0400, Dean Anderson wrote:
> At 5:53 PM -0400 4/24/98, Jay R. Ashworth wrote:
> 
> >It's been my understanding that the knobs are in fact _not_ there,
> >Dean, but I'd be happy to be proven wrong.
> 
> On your outbound interface(s):
> 
> access-list 101 permit ip <yournet-1> any out
> access-list 101 permit ip <yournet-2> any out
> ...
> access-list 101 deny ip any any out
> 
> This allows only packets sourced from your networks to be sent.
> 
> Or, another perhaps better way is to only accept packets from your customer
> networks which are sourced from those networks.  Each customer interface
> then has an inbound filter the blocks everything not sourced from your
> customers network.
> 
> 		--Dean

And conversely, ..:

acce 102 deny ip <yournet> any
acce 102 perm ip any any
in s0
ip access-g 102 in

-- 
Christopher M Neill -- Network Operations
QualNet - We Make the Internet Work for Your Business.(sm)
DID: 216-902-5460, Office: 800-466-0088, Fax: 216-623-3566
http://www.qual.net




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.