network
or from unroutable address space.
Regards,
Kent
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Wilson, Bradley
Sent: Monday, August 06, 2001 10:30 AM
To: [EMAIL PROTECTED]
Subject: RE: Access-list [7:14755]
Wouldn't you want to put the tcp/udp
]
Subject: RE: Access-list [7:14755]
Oops, typo, that line should have read:
deny ip any (i.e. anti-spoofing)
Also, the UDP permits should have read:
permit udp host eq 53 any gt 1023
The rest is correct, you always want to block bogus IP packets first, no
packets should enter the network
The most basic config is:
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip any
(these block bogus packets, you should always have these for Internet facing
routers)
06, 2001 1:16 PM
To: [EMAIL PROTECTED]
Subject: RE: Access-list [7:14755]
The most basic config is:
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip any
(these block
4 matches
Mail list logo