(cisco, or any) acl *reducers* out there?

George Michaelson ggm at apnic.net
Thu Aug 19 03:43:32 UTC 2010


On 19/08/2010, at 1:38 PM, Randy Bush wrote:

> one more comment.  be careful aggregating filters.  the peer may
> actually announce all those damned frags, especially in massively
> de-aggregated places such as india, indonesia, ...
> 
> randy


I should have been clearer that I really only want to aggregate ACLs like a port-22 ssh filter which has an endless list of specific /32s, or the 'we don't like inbound UDP' one, where it logically made sense. So if you happen to have an overarching UDP 'established' class rule, then its order compared to other rules might or might not make them useless.

Route filtering is best done by professionals. Always read the instructions on the packet.
(Your oven may be in centigrade, not fahrenheit, and the cup size varies by economy.)

-George
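A worked illustration of the two points made above, added here as an example and not code from George's or Randy's messages: first, collapsing a long list of /32 deny entries into the minimal set of prefixes that cover exactly those hosts (so the reduced list never matches an address the original did not, which is the trap Randy warns about); second, checking whether an "overarching" UDP rule placed earlier in the list shadows the more specific rules below it, which is the ordering problem George raises. The sample host list, the Rule model, the broad permit-any UDP rule standing in for the 'established' class rule, and the Cisco-style rendering are all constructed assumptions for the example.

```python
"""Exact reduction of a host-based ACL plus a rule-shadowing check.

Added example, not code from the NANOG thread. The host list, the Rule
model and the Cisco-style rendering are constructed for illustration.
"""
import ipaddress
from typing import Iterable, List, NamedTuple, Optional

IPv4Net = ipaddress.IPv4Network
ANY = IPv4Net("0.0.0.0/0")

# Constructed sample: /32s accumulated in an SSH (tcp/22) deny list.
# 192.0.2.0-7 and 198.51.100.16-17 are contiguous; 203.0.113.200 is not.
SSH_DENY_HOSTS = [
    "192.0.2.3", "192.0.2.0", "192.0.2.7", "192.0.2.1", "192.0.2.5",
    "192.0.2.2", "192.0.2.6", "192.0.2.4",
    "198.51.100.17", "198.51.100.16",
    "203.0.113.200",
    "192.0.2.1",  # deliberate duplicate: must not survive reduction
]


def reduce_hosts(hosts: Iterable[str]) -> List[IPv4Net]:
    """Collapse /32s into the minimal prefixes that cover EXACTLY those hosts.

    ipaddress.collapse_addresses only merges adjacent, aligned blocks, so no
    address outside the input is ever matched: the deny list keeps its meaning.
    """
    nets = (IPv4Net(f"{h}/32") for h in hosts)
    return list(ipaddress.collapse_addresses(nets))


class Rule(NamedTuple):
    action: str              # "permit" or "deny"
    proto: str               # "ip", "tcp" or "udp"; "ip" matches both
    src: IPv4Net             # source prefix; ANY == 0.0.0.0/0
    dst_port: Optional[int]  # None == any destination port


def covers(a: Rule, b: Rule) -> bool:
    """True if every packet that matches b also matches a."""
    proto_ok = a.proto == "ip" or a.proto == b.proto
    src_ok = a.src.supernet_of(b.src)        # True for equal prefixes too
    port_ok = a.dst_port is None or a.dst_port == b.dst_port
    return proto_ok and src_ok and port_ok


def shadowed(acl: List[Rule]) -> List[int]:
    """Indices of rules that can never fire because an earlier rule covers them.

    First match wins, so a broad rule placed too early silently disables
    every narrower rule below it, whatever their action.
    """
    return [i for i, r in enumerate(acl) if any(covers(e, r) for e in acl[:i])]


def render(num: int, rule: Rule) -> str:
    """Render a Rule as a Cisco-style numbered extended ACL entry."""
    if rule.src == ANY:
        src = "any"
    elif rule.src.prefixlen == 32:
        src = f"host {rule.src.network_address}"
    else:
        src = f"{rule.src.network_address} {rule.src.hostmask}"  # wildcard mask
    port = "" if rule.dst_port is None else f" eq {rule.dst_port}"
    return f"access-list {num} {rule.action} {rule.proto} {src} any{port}"


def build_acl(hosts: Iterable[str], broad_udp_first: bool) -> List[Rule]:
    """Reduced SSH denies plus a UDP pair whose relative order is the point."""
    ssh_denies = [Rule("deny", "tcp", n, 22) for n in reduce_hosts(hosts)]
    udp_broad = Rule("permit", "udp", ANY, None)      # the "overarching" UDP rule
    udp_specific = Rule("deny", "udp", IPv4Net("198.51.100.0/24"), None)
    tail = [udp_broad, udp_specific] if broad_udp_first else [udp_specific, udp_broad]
    return ssh_denies + tail


if __name__ == "__main__":
    for order in (True, False):
        acl = build_acl(SSH_DENY_HOSTS, broad_udp_first=order)
        dead = shadowed(acl)
        print(f"--- broad UDP rule first: {order}; shadowed entries: {dead}")
        for i, r in enumerate(acl):
            print(("  DEAD " if i in dead else "       ") + render(101, r))
```

Running it prints the reduced list twice, once with the broad UDP permit ahead of the specific UDP deny (the deny is flagged DEAD, as George describes) and once with the order swapped (nothing is shadowed). The reducer itself is deliberately exact; a reducer that also folded in "nearby" addresses to shorten the list further would be the kind of aggregation Randy cautions against, because it would start matching traffic the original entries never did.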



More information about the NANOG mailing list