[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Ingress filtering



On Monday 17 September 2001 01:22, Bernd Eckenfels wrote:
> On Mon, Sep 17, 2001 at 12:50:26AM +0100, Pedro Corte-Real wrote:
> > I know they are:
> >
> > 10.0.0.0        -   10.255.255.255
>
> 10.0.0.0:255.0.0.0 aka 10.0.0.0/8
>
> > 172.16.0.0      -   172.31.255.255
>
> 172.16.0.0:255.240.0.0 aka 172.16.0.0/12
>
> > 192.168.0.0     -   192.168.255.255
>
> 192.168.0.0:255.255.0.0 aka 192.168.0.0/16
>
> In addition you should block the link-local net and perhaps all multicast
> networks, if you are shure you do not use them.
>
> 127.0.0.0/8 Loopback
> 224.0.0.0/4 multicast
> 169.254.0.0/16 Microsoft Link Local


All these are blocked now, thanks
>
> Of course much more important is to block packets with your local network
> as source (maybe even destination if you do NAT). And to block outgoing
> spoofed and leaking (i.e. with your internal sender address) outgoing
> pacets in the egress filter.
>

How do I do this?

> Greetings
> Bernd



Reply to: