[81481] in North American Network Operators' Group


RE: Best practice ACLs for a internet facing border router?

daemon@ATHENA.MIT.EDU (Daniel Senie)
Mon Jun 13 11:42:32 2005

Date: Mon, 13 Jun 2005 11:35:31 -0400
To: <nanog@merit.edu>
From: Daniel Senie <dts@senie.com>
In-Reply-To: <9CE4B7DBDD6EF34A9ECAC4E521FB008D0BB73BFE@ntsviemxs0153.con
 nect.at-work.ent>
Errors-To: owner-nanog@merit.edu


At 10:16 AM 6/13/2005, Frotzler, Florian wrote:

>ftp://ftp-eng.cisco.com/cons/isp/security/Ingress-Prefix-Filter-Templates/
>
>Florian

The original question didn't specify whether the interest was prefixes or 
packet filters.

For packet filtering, the above URL is not going to help, but a read of 
BCP38 would be in order.

Edge sites with no downstreams can very easily filter the source addresses 
leaving their network and ensure no bogus-sourced packets leave, be they 
RFC1918, or spoofs.


> > -----Original Message-----
> > From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On
> > Behalf Of Drew Weaver
> > Sent: Montag, 13. Juni 2005 16:28
> > To: nanog@merit.edu
> > Subject: Best practice ACLs for a internet facing border router?
> >
> >
> >       I'm just curious if anyone has ever published a list of
> > what is an agreed upon best practice list of ACLs for an
> > internet facing border router. I'm talking about things like
> > bogons, private IP addresses, et cetera. If anyone is aware
> > of anything like this I'd like to see it.
> >
> > Thanks,
> > -Drew
> >
> >
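
An added illustration of the egress source filtering described in the reply above (not part of the original thread and not written by any of its participants): the sketch below merges an edge site's prefixes, renders a permit-own-space, deny-everything-else egress ACL, and classifies sample outbound source addresses. The site prefixes (RFC 5737 documentation ranges), the ACL name, the sample sources and the choice of Cisco IOS-style extended ACL output are assumptions made for the example.

```python
import ipaddress

# Constructed sample: prefixes assigned to a hypothetical edge site
# (RFC 5737 documentation ranges stand in for real allocations).
SITE_PREFIXES = ["192.0.2.0/25", "192.0.2.128/25", "198.51.100.0/24"]
RFC1918 = [ipaddress.ip_network(p)
           for p in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def site_networks(prefixes):
    """Parse the site's prefixes and merge adjacent ones into the fewest networks."""
    nets = [ipaddress.ip_network(p, strict=True) for p in prefixes]
    return list(ipaddress.collapse_addresses(nets))


def egress_verdict(src, nets):
    """Only the site's own address space is a valid source on the way out."""
    addr = ipaddress.ip_address(src)
    if any(addr in n for n in nets):
        return "permit"
    if any(addr in n for n in RFC1918):
        return "deny-rfc1918"
    return "deny-spoofed"


def ios_egress_acl(nets, name="EGRESS-SOURCE-FILTER"):
    """Render the policy as an extended ACL (ACL name is hypothetical)."""
    lines = [f"ip access-list extended {name}"]
    for n in nets:
        # IOS ACLs take a wildcard mask, which is the network's host mask.
        lines.append(f" permit ip {n.network_address} {n.hostmask} any")
    lines.append(" deny ip any any log")  # everything else is bogus-sourced
    return lines


if __name__ == "__main__":
    nets = site_networks(SITE_PREFIXES)
    print("\n".join(ios_egress_acl(nets)))
    # Constructed source addresses as seen on the outbound interface.
    for src in ("192.0.2.200", "198.51.100.1", "10.1.2.3", "203.0.113.7"):
        print(f"{src:15} {egress_verdict(src, nets)}")
```

The permit list is built only from the site's own allocations, so RFC1918 and spoofed sources fall through to the same final deny; the separate verdict labels exist only to make the logged drops easier to triage.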

