Re: Ingress filtering
On Monday 17 September 2001 01:22, Bernd Eckenfels wrote:
> On Mon, Sep 17, 2001 at 12:50:26AM +0100, Pedro Corte-Real wrote:
> > I know they are:
> >
> > 10.0.0.0 - 10.255.255.255
>
> 10.0.0.0:255.0.0.0 aka 10.0.0.0/8
>
> > 172.16.0.0 - 172.31.255.255
>
> 172.16.0.0:255.240.0.0 aka 172.16.0.0/12
>
> > 192.168.0.0 - 192.168.255.255
>
> 192.168.0.0:255.255.0.0 aka 192.168.0.0/16
>
> In addition you should block the link-local net and perhaps all multicast
> networks, if you are shure you do not use them.
>
> 127.0.0.0/8 Loopback
> 224.0.0.0/4 multicast
> 169.254.0.0/16 Microsoft Link Local
All these are blocked now, thanks
>
> Of course much more important is to block packets with your local network
> as source (maybe even destination if you do NAT). And to block outgoing
> spoofed and leaking (i.e. with your internal sender address) outgoing
> pacets in the egress filter.
>
How do I do this?
> Greetings
> Bernd
Reply to: