Matt, all -
I have in my notes to block this also:
deny ip 255.0.0.0 0.255.255.255 any log
But you cover that with your Class E deny statement, so would it make sense
to cover "D" and "E" in one statement?
e.g. deny ip 224.0.0.0 31.255.255.255 any log ! to cover 224-255
On a separate question:
Any ideas why cisco would recommend "no ip route cache" on a perimeter
router like this?
Buddy Venne, MCSE, CCNP Security Specialist
WAN/LAN Specialist
Onyx Acceptance Corp.
(949) 465-3775
-----Original Message-----
From: Matt Hite [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, December 20, 2000 12:09 AM
To: [EMAIL PROTECTED]
Subject: Re: Recommended blocking for Internet-router
Here's something I cooked up a while back that I always slap on
the Internet-facing interface of my routers.
<snip>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
