Firewall Wizards mailing list archives

anti-spoofing (was Non-delegated master domains)


From: Kevin Steves <stevesk () sweden hp com>
Date: Sat, 22 May 1999 05:00:27 +0200 (CEST)

On Wed, 12 May 1999, Bennett Todd wrote:
: And of course the external screening
: router blocks all packets with src and dst addresses in the RFC 1918 ranges
: (10/8, 172.16/12, and 192.168/16).

There is an ID that talks about other prefixes that could be blocked:

http://www.ietf.org/internet-drafts/draft-manning-dsua-00.txt

I tend to start with:

ip access-list extended e0/2-in
 deny   ip 0.0.0.0 0.255.255.255 any log
 deny   ip host 255.255.255.255 any log
 deny   ip 127.0.0.0 0.255.255.255 any log
 deny   ip 224.0.0.0 15.255.255.255 any log
 deny   ip 240.0.0.0 15.255.255.255 any log
 deny   ip 192.0.2.0 0.0.0.255 any log
 deny   ip 169.254.0.0 0.0.255.255 any log
 deny   ip 10.0.0.0 0.255.255.255 any log
 deny   ip 172.16.0.0 0.15.255.255 any log
 deny   ip 192.168.0.0 0.0.255.255 any log
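
Added example, not part of the original message: a short Python check that turns the wildcard (inverse) masks in the list above into CIDR prefixes and reports which entry a given source address hits first. The function names and the sample source addresses are constructed for illustration, and only the "deny ip <src> <wildcard> any" and "deny ip host <src> any" forms used in this list are parsed.

```python
import ipaddress

# The access list from the message above, copied verbatim.
ACL = """\
ip access-list extended e0/2-in
 deny   ip 0.0.0.0 0.255.255.255 any log
 deny   ip host 255.255.255.255 any log
 deny   ip 127.0.0.0 0.255.255.255 any log
 deny   ip 224.0.0.0 15.255.255.255 any log
 deny   ip 240.0.0.0 15.255.255.255 any log
 deny   ip 192.0.2.0 0.0.0.255 any log
 deny   ip 169.254.0.0 0.0.255.255 any log
 deny   ip 10.0.0.0 0.255.255.255 any log
 deny   ip 172.16.0.0 0.15.255.255 any log
 deny   ip 192.168.0.0 0.0.255.255 any log
"""

def wildcard_to_network(addr, wildcard):
    """Convert an address plus wildcard (inverse) mask to a CIDR network."""
    w = int(ipaddress.IPv4Address(wildcard))
    if w & (w + 1):  # "don't care" bits must be one contiguous low-order run
        raise ValueError(f"non-contiguous wildcard mask: {wildcard}")
    return ipaddress.ip_network(f"{addr}/{32 - w.bit_length()}")

def parse_acl(text):
    """Return [(action, source_network)] in list order."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] not in ("deny", "permit") or tok[1] != "ip":
            continue  # skips the 'ip access-list' header and blank lines
        if tok[2] == "host":
            net = ipaddress.ip_network(tok[3] + "/32")
        else:
            net = wildcard_to_network(tok[2], tok[3])
        entries.append((tok[0], net))
    return entries

def first_match(entries, src):
    """First match wins, as on the router; None means no listed entry hit."""
    ip = ipaddress.ip_address(src)
    for action, net in entries:
        if ip in net:
            return action, net
    return None  # evaluation continues with whatever follows these entries

if __name__ == "__main__":
    for src in ("172.31.255.255", "172.32.0.1", "192.0.2.55", "198.51.100.7"):
        print(src, "->", first_match(parse_acl(ACL), src))
```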
