Sorry, wrong list, should go to foundry-nsp ;) > Hello, > > this week we had an attack directly against one of our XMR (UDP packets to > a transfer network IP). > I was looking for an CoPP-equivalant and found the "IP Receive ACLs" > feature. > > In sample case of "I block all UDP and allow everthing else" I would use > that config here according to the manual: > > access-list 101 remark BLOCK_UDP > access-list 101 deny udp any any > > access-list 102 remark ALLOW_ANYTHING_ELSE > access-list 102 permit ip any any > > ip receive access-list 101 sequence 5 > ip receive access-list 102 sequence 10 > > Manual says that default policy is "deny ip any any" (applied after last > rule). > I am wondering what exactly is matched by "ip" because other protocols are > not mentioned. > Is "ip" an equivalent for "ipv4" or more some kind of "any" in an extended > access list ? > Does the above config work or do I need a standard access list like > "access-list 50 permit any" at the end ? > > Does anybody maybe already have a "known to work"-config for 0815 usage > (BGP, OSPF, VRRP) ? > > kind regards > Rolf > > _______________________________________________ > cisco-nsp mailing list cisco-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ >
_______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/