Firewall Wizards mailing list archives
anti-spoofing (was Non-delegated master domains)
From: Kevin Steves <stevesk () sweden hp com>
Date: Sat, 22 May 1999 05:00:27 +0200 (CEST)
On Wed, 12 May 1999, Bennett Todd wrote:

: And of course the external screening
: router blocks all packets with src and dst addresses in the RFC 1918 ranges
: (10/8, 172.16/12, and 192.168/16).

There is an ID that talks about other prefixes that could be blocked:

http://www.ietf.org/internet-drafts/draft-manning-dsua-00.txt

I tend to start with:

ip access-list extended e0/2-in
 deny ip 0.0.0.0 0.255.255.255 any log
 deny ip host 255.255.255.255 any log
 deny ip 127.0.0.0 0.255.255.255 any log
 deny ip 224.0.0.0 15.255.255.255 any log
 deny ip 240.0.0.0 15.255.255.255 any log
 deny ip 192.0.2.0 0.0.0.255 any log
 deny ip 169.254.0.0 0.0.255.255 any log
 deny ip 10.0.0.0 0.255.255.255 any log
 deny ip 172.16.0.0 0.15.255.255 any log
 deny ip 192.168.0.0 0.0.255.255 any log
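
The wildcard masks in the ACL above are inverse netmasks. As an added example (not part of the original post), this Python code parses those ten entries, converts each to a CIDR prefix, and reports which entry a given source address would hit first. The function names and the sample source addresses are constructed for illustration.

```python
import ipaddress

# The ten deny entries from the message above (Cisco extended ACL syntax).
ACL = """\
deny ip 0.0.0.0 0.255.255.255 any log
deny ip host 255.255.255.255 any log
deny ip 127.0.0.0 0.255.255.255 any log
deny ip 224.0.0.0 15.255.255.255 any log
deny ip 240.0.0.0 15.255.255.255 any log
deny ip 192.0.2.0 0.0.0.255 any log
deny ip 169.254.0.0 0.0.255.255 any log
deny ip 10.0.0.0 0.255.255.255 any log
deny ip 172.16.0.0 0.15.255.255 any log
deny ip 192.168.0.0 0.0.255.255 any log
"""

def parse_acl(text):
    """Return [(base, wildcard, line)] for each 'deny ip <src> any' entry."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if tok[:2] != ["deny", "ip"]:
            continue
        # 'host A' is shorthand for 'A 0.0.0.0' (every bit must match).
        base, wild = (tok[3], "0.0.0.0") if tok[2] == "host" else (tok[2], tok[3])
        rules.append((int(ipaddress.IPv4Address(base)),
                      int(ipaddress.IPv4Address(wild)), line))
    return rules

def first_match(src, rules):
    """Return the first ACL line that denies src, or None if none matches."""
    addr = int(ipaddress.IPv4Address(src))
    for base, wild, line in rules:
        # Wildcard bits set to 1 are "don't care"; the rest must equal the base.
        care = ~wild & 0xFFFFFFFF
        if addr & care == base & care:
            return line
    return None

def to_cidr(base, wild):
    """Convert a base address and contiguous wildcard mask to CIDR notation."""
    if wild & (wild + 1):
        raise ValueError("non-contiguous wildcard mask has no CIDR equivalent")
    return str(ipaddress.IPv4Network((base, 32 - wild.bit_length())))

if __name__ == "__main__":
    rules = parse_acl(ACL)
    for src in ("10.1.2.3", "172.32.0.1", "255.255.255.255"):  # constructed samples
        print(src, "->", first_match(src, rules) or "no match")
```
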