nanog mailing list archives
Re: Filtering Source Addresses on gw-internet
From: Greg Ketell <gketell () cisco com>
Date: Wed, 13 Aug 1997 22:15:34 -0700
Sorry for the delay. I am in all-day meetings through the end of the week. If Null0 were a standard interface I would say "yes, definitely a better method". But since it isn't, I am not sure. I will try to find out and post tomorrow night (unless someone else from cisco (or formerly from cisco) pops up the answer first. GK
Date: Wed, 13 Aug 1997 06:46:58 -0400 (EDT) From: "C. Jon Larsen" <jlarsen () ajtech com> To: Greg Ketell <gketell () cisco com> cc: nanog () merit edu Subject: Re: Filtering Source Addresses on gw-internet Much thanks to everyone for their input. Greg, since you have
"Cisco" in your
email address, any comment on whether sending packets to a null
interface is a
quicker / more efficient way blocking unwanted traffic ?
gw-internet is a
little old 68030, with 1MB RAM.-----BEGIN PGP SIGNED MESSAGE----- At 03:05 PM 8/12/97 -0400, C. Jon Larsen wrote:gw-internet#show access-lists 120 Extended IP access list 120 deny ip any 10.0.0.0 0.255.255.255 log deny ip any 172.16.0.0 0.0.255.255 log deny ip any 172.17.0.0 0.0.255.255 log deny ip any 192.168.0.0 0.0.255.255 log permit ip a.b.c.0 0.0.0.255 any (27429 matches) deny ip any any logLine 2 and 3 could be replaced by deny ip any 172.16.0.0 0.15.255.255 log which would block all 172.16.0.0-172.31.0.0 as per the RFC. You might also want to block 127.0.0.0. GK -----BEGIN PGP SIGNATURE----- Version: PGP for Personal Privacy 5.0 Charset: noconv
iQEVAwUBM/DBxW384++etaQJAQGlwAgAoVjoB5EZCaYjzvmwWaVeO5zOPTipegDE
0TX2Xg2L5yIClAeiWD4f0T4E4jCH5BtSwoitlu9fcHlsPo4VRwOutQssIJHL+sUR
Ps1NEot6pwOu+slCwklLhqVwyouv0UHI0Fxal5aCM65X+WNH8+5HvE9g4uBQp8A6
o6HzM++69FKwg8pdQ82HNnjToVZxsqwH41HNSHC0HjLvJG+uZPBFlzLEdnvkNSRg
fikSERpnZAa+QzpTRjtTcK3XC2DEYGAi0wifn9mbyRav9xenzvNl+rUV5Fg/jbFS
jDFhiLFJc/7o3Y5+9HoA9keBEqeFMle86BGjX09C1FKLtPnVhTwSpQ== =ZNYx -----END PGP SIGNATURE-----Linux. +-------------------+---------------------+ | C. Jon Larsen | jlarsen () ajtech com | | Systems Engineer | Tel: 804.353.2800 | | A&J Technologies | | |-------------------+---------------------| | http://www.ajtech.com | +-----------------------------------------+
Current thread:
- Filtering Source Addresses on gw-internet C. Jon Larsen (Aug 12)
- Re: Filtering Source Addresses on gw-internet Greg Ketell (Aug 12)
- Re: Filtering Source Addresses on gw-internet C. Jon Larsen (Aug 13)
- <Possible follow-ups>
- Re: Filtering Source Addresses on gw-internet C. Jon Larsen (Aug 12)
- Re: Filtering Source Addresses on gw-internet Jon Lewis (Aug 12)
- Re: Filtering Source Addresses on gw-internet Greg Ketell (Aug 13)
- Re: Filtering Source Addresses on gw-internet Greg Ketell (Aug 14)
- Re: Filtering Source Addresses on gw-internet Jon Lewis (Aug 15)
- Re: Filtering Source Addresses on gw-internet Tony Li (Aug 15)
- Re: Filtering Source Addresses on gw-internet Jon Lewis (Aug 15)
- Re: Filtering Source Addresses on gw-internet Greg Ketell (Aug 12)