[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Firewalls in service provider environments

Subject: Firewalls in service provider environments
From: gbonser at seven.com (George Bonser)
Date: Tue, 7 Feb 2012 22:34:07 +0000
In-reply-to: <[email protected]>
References: <[email protected]> <[email protected]> <[email protected]>

> 
> Here is the template we typically use (or a variant of it):
> 
> <-- snippet -->
> access-list 102 deny   ip 10.0.0.0 0.255.255.255 any
> access-list 102 deny   ip 172.16.0.0 0.15.255.255 any
> access-list 102 deny   ip 192.168.0.0 0.0.255.255 any
> access-list 102 deny   ip 0.0.0.0 0.255.255.255 any
> access-list 102 deny   ip 127.0.0.0 0.255.255.255 any
> access-list 102 deny   ip 224.0.0.0 15.255.255.255 any
> access-list 102 deny   ip host 255.255.255.255 any

I typically also include traffic to/from:

TCP/UDP port 0
169.254.0.0/16
192.0.2.0/24
198.51.100.0/24
203.0.113.0/24

Been wondering if I should also block 198.18.0.0/15 as well.

Follow-Ups:
- Firewalls in service provider environments
  - From: jared at puck.nether.net (Jared Mauch)
- Firewalls in service provider environments
  - From: ops.lists at gmail.com (Suresh Ramasubramanian)

References:
- Firewalls in service provider environments
  - From: matt at mattreath.com (Matthew Reath)
- Firewalls in service provider environments
  - From: leigh.porter at ukbroadband.com (Leigh Porter)
- Firewalls in service provider environments
  - From: matt at mattreath.com (Matthew Reath)

Prev by Date: Firewalls in service provider environments
Next by Date: Firewalls in service provider environments
Previous by thread: Firewalls in service provider environments
Next by thread: Firewalls in service provider environments
Index(es):
- Date
- Thread