Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: Best practice ACLs for a internet facing border router?

  • From: Daniel Senie
  • Date: Mon Jun 13 11:43:15 2005

At 10:16 AM 6/13/2005, Frotzler, Florian wrote:

ftp://ftp-eng.cisco.com/cons/isp/security/Ingress-Prefix-Filter-Template
s/

Florian
The original question didn't specify whether the interest was prefixes or packet filters.

For packet filtering, the above URL is not going to help, but a read of BCP38 would be in order.

Edge sites with no downstreams can very easily filter the source addresses leaving their network and ensure no bogus-sourced packets leave, be they RFC1918, or spoofs.


> -----Original Message-----
> From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On
> Behalf Of Drew Weaver
> Sent: Montag, 13. Juni 2005 16:28
> To: nanog@merit.edu
> Subject: Best practice ACLs for a internet facing border router?
>
>
>       I'm just curious if anyone has ever published a list of
> what is an agreed upon best practice list of ACLs for an
> internet facing border router. I'm talking about things like
> bogons, private Ip addresses, et cetera. If anyone is aware
> of anything like this I'd like to see it.
>
> Thanks,
> -Drew
>
>




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.