Taking this concept a step further... Contact Team Cymru about setting up a free multihop BGP peering session for their BOGONs list.
- Josh

On Apr 25, 2017 7:14 PM, "David Milholen" <[email protected]> wrote:

> I'll take a stab at it..
>
> This being a Forward rule means that anything that passes through the
> router or interface.
>
> Every packet out of the SFP interface except public IPs coming to the
> SFP.
>
> So if a packet that has a rfc1918 in it destined to the sfp to be natted
> or dest-natted then drop.
>
>
> If you're worried about rfc1918 space trying to route then use this
>
> add action=drop chain=forward comment="Drop ip fragmentation" connection-state=invalid
>
>
> On 4/25/2017 6:38 PM, Jason McKemie wrote:
>
> Can anyone see why this firewall rule would just be dropping all traffic?
>
> add action=drop chain=forward comment="Drop Spoofed Traffic" disabled=yes \
> out-interface=sfp1 src-address-list=!Public-IPs
>
> It's disabled here obviously, but other than that...
>
>
> --
