nanog mailing list archives
Re: Firewalls in service provider environments
From: Steve Bertrand <steve.bertrand () gmail com>
Date: Tue, 07 Feb 2012 22:20:13 -0500
On 2012.02.07 20:47, Suresh Ramasubramanian wrote:
> On Wed, Feb 8, 2012 at 4:04 AM, George Bonser <gbonser () seven com> wrote:
>> I typically also include traffic to/from:
>>
>> TCP/UDP port 0
>> 169.254.0.0/16
>> 192.0.2.0/24
>> 198.51.100.0/24
>> 203.0.113.0/24
>>
>> Been wondering if I should also block 198.18.0.0/15 as well.
>
> suresh@frodo 17:46:08 :~$ nslookup 1.113.0.203.bogons.cymru.com
> Server: 127.0.0.1
> Address: 127.0.0.1#53
>
> Non-authoritative answer:
> Name: 1.113.0.203.bogons.cymru.com
> Address: 127.0.0.2
>
> Also available as a bgp feed, for years now. Saves you updating your
> martian ACLs from time to time.
Amen. v4 and v6 lists are available via free BGP feed (via v4 and v6 peering) from Cymru. Dynamic simplicity within community's finest standards.
Works wonders for those who have s/RTBH deployed.
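An added example, not part of the posts above: it builds the reversed-octet query name used in the quoted nslookup and audits flow records against the prefixes named in the quoted message. The flow-record format, the sample lines and all function names are constructed for illustration; treating a failed lookup as "not listed" is an assumption.

```python
import ipaddress
import socket

# Prefixes named in the quoted message, including the one being considered.
THREAD_MARTIANS = [ipaddress.ip_network(p) for p in (
    "169.254.0.0/16", "192.0.2.0/24", "198.51.100.0/24",
    "203.0.113.0/24", "198.18.0.0/15",
)]
ZONE = "bogons.cymru.com"  # zone queried in the nslookup above


def bogon_qname(addr: str) -> str:
    """203.0.113.1 -> 1.113.0.203.<zone>; raises ValueError on bad input."""
    ip = ipaddress.IPv4Address(addr)
    return ".".join(reversed(str(ip).split("."))) + "." + ZONE


def static_match(addr: str):
    """Return the listed prefix covering addr, or None."""
    ip = ipaddress.IPv4Address(addr)
    return next((str(n) for n in THREAD_MARTIANS if ip in n), None)


def dns_is_bogon(addr: str) -> bool:
    """Live lookup (needs network). 127.0.0.2 marks a bogon, as in the
    output above. Assumption: a failed lookup means 'not listed'."""
    try:
        return socket.gethostbyname(bogon_qname(addr)) == "127.0.0.2"
    except socket.gaierror:
        return False


def audit(flow_lines):
    """Flag records whose source or destination is in a listed prefix."""
    hits = []
    for line in flow_lines:
        fields = dict(f.split("=", 1) for f in line.split()[1:])
        for key in ("src", "dst"):
            prefix = static_match(fields[key])
            if prefix:
                hits.append((key, fields[key], prefix, bogon_qname(fields[key])))
    return hits


# Constructed sample flow records (hypothetical format, not from the thread).
SAMPLE = [
    "2012-02-07T22:20:13 src=203.0.113.1 dst=8.8.8.8 dport=53",
    "2012-02-07T22:20:14 src=8.8.8.8 dst=198.51.100.7 dport=80",
    "2012-02-07T22:20:15 src=198.19.255.254 dst=8.8.4.4 dport=443",
    "2012-02-07T22:20:16 src=8.8.8.8 dst=8.8.4.4 dport=53",
]

if __name__ == "__main__":
    for key, addr, prefix, qname in audit(SAMPLE):
        print(f"{key}={addr} in {prefix}; DNS check name: {qname}")
```
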