[81476] in North American Network Operators' Group


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Best practice ACLs for a internet facing border router?

daemon@ATHENA.MIT.EDU (Robert Brockway)
Mon Jun 13 10:34:06 2005

Date: Mon, 13 Jun 2005 10:35:00 -0400 (EDT)
From: Robert Brockway <rbrockway@opentrend.net>
To: nanog@merit.edu
In-Reply-To: <B9ECBF8D89E7684EB63FF250E8788B1911961F@BIGLOG.thenap.com>
Errors-To: owner-nanog@merit.edu


On Mon, 13 Jun 2005, Drew Weaver wrote:

> 
> 	I'm just curious if anyone has ever published a list of what is
> an agreed upon best practice list of ACLs for an internet facing border
> router. I'm talking about things like bogons, private Ip addresses, et
> cetera. If anyone is aware of anything like this I'd like to see it.

I suggest reviewing RFC3330.  The bogons needs to be kept up to date (some 
interesting discussions on SAGE-AU of organisations not doing that) but 
for a list of subnets reserved for different purposes RFC3330 is 
invaluable.

Rob

-- 
Robert Brockway B.Sc.
Senior Technical Consultant, OpenTrend Solutions Ltd.
Ph: +1-416-669-3073 Email: rbrockway@opentrend.net http://www.opentrend.net
OpenTrend Solutions: Reliable, secure solutions to real world problems.
Contributing Member of Software in the Public Interest http://www.spi-inc.org


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[81476] in North American Network Operators' Group

Re: Best practice ACLs for a internet facing border router?

daemon@ATHENA.MIT.EDU (Robert Brockway)Mon Jun 13 10:34:06 2005

daemon@ATHENA.MIT.EDU (Robert Brockway)
Mon Jun 13 10:34:06 2005