RE: Firewalls in service provider environments

George Bonser Tue, 07 Feb 2012 14:34:50 -0800

> 
> Here is the template we typically use (or a variant of it):
> 
> <-- snippet -->
> access-list 102 deny   ip 10.0.0.0 0.255.255.255 any
> access-list 102 deny   ip 172.16.0.0 0.15.255.255 any
> access-list 102 deny   ip 192.168.0.0 0.0.255.255 any
> access-list 102 deny   ip 0.0.0.0 0.255.255.255 any
> access-list 102 deny   ip 127.0.0.0 0.255.255.255 any
> access-list 102 deny   ip 224.0.0.0 15.255.255.255 any
> access-list 102 deny   ip host 255.255.255.255 any


I typically also include traffic to/from:

TCP/UDP port 0
169.254.0.0/16
192.0.2.0/24
198.51.100.0/24
203.0.113.0/24

Been wondering if I should also block 198.18.0.0/15 as well.

RE: Firewalls in service provider environments

Reply via email to