RFC1918 conformance

Andrew Partan asp at partan.com
Tue Feb 11 00:15:03 UTC 1997


My standard in & out route filters are attached.
Everyone should use something like this.
	--asp at partan.com (Andrew Partan)

! This list is used to block bogon routes to/from peers.
! Deny martian routes
no access-list 180
! 0/anything
access-list 180 deny   ip host 0.0.0.0 any
! 127/8 & longer
access-list 180 deny   ip 127.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
! The private use nets
access-list 180 deny   ip 10.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
access-list 180 deny   ip 172.16.0.0 0.15.255.255 255.240.0.0 0.15.255.255
access-list 180 deny   ip 192.168.0.0 0.0.255.255 255.255.0.0 0.0.255.255
! Test net
access-list 180 deny   ip 192.0.2.0 0.0.0.255 255.255.255.0 0.0.0.255
! 1st and last classical B and C nets (guard nets).
access-list 180 deny   ip 128.0.0.0 0.0.255.255 255.255.0.0 0.0.255.255
access-list 180 deny   ip 191.255.0.0 0.0.255.255 255.255.0.0 0.0.255.255
access-list 180 deny   ip 192.0.0.0 0.0.0.255 255.255.255.0 0.0.0.255
access-list 180 deny   ip 223.255.255.0 0.0.0.255 255.255.255.0 0.0.0.255
! All multicast routes - the router now does this itself, but it didn't
! at one point.....
access-list 180 deny   ip 224.0.0.0 31.255.255.255 224.0.0.0 31.255.255.255
! Block all routes with a mask longer than /24,
access-list 180 deny   ip any 255.255.255.128 0.0.0.127
access-list 180 permit ip any any
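
How the entries above match a route, as an added example that is not part of the original post: a small Python evaluator for this list. It assumes the list is applied as a BGP route filter, where IOS matches the first address/wildcard pair against the route's network and the second pair against its netmask; the function names and the sample routes in the note below are constructed.

```python
import ipaddress

# Entries of access-list 180 from the post, with the "access-list 180" prefix dropped.
ACL_180 = """\
deny   ip host 0.0.0.0 any
deny   ip 127.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
deny   ip 10.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
deny   ip 172.16.0.0 0.15.255.255 255.240.0.0 0.15.255.255
deny   ip 192.168.0.0 0.0.255.255 255.255.0.0 0.0.255.255
deny   ip 192.0.2.0 0.0.0.255 255.255.255.0 0.0.0.255
deny   ip 128.0.0.0 0.0.255.255 255.255.0.0 0.0.255.255
deny   ip 191.255.0.0 0.0.255.255 255.255.0.0 0.0.255.255
deny   ip 192.0.0.0 0.0.0.255 255.255.255.0 0.0.0.255
deny   ip 223.255.255.0 0.0.0.255 255.255.255.0 0.0.0.255
deny   ip 224.0.0.0 31.255.255.255 224.0.0.0 31.255.255.255
deny   ip any 255.255.255.128 0.0.0.127
permit ip any any
"""

def _spec(tokens):
    """Consume one address spec and return (base, wildcard) as integers."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse(text):
    rules = []
    for line in text.splitlines():
        action, _proto, *rest = line.split()
        net_spec = _spec(rest)    # "source" field: matched against the route's network
        mask_spec = _spec(rest)   # "destination" field: matched against its netmask
        rules.append((action, net_spec, mask_spec))
    return rules

def _match(value, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF   # wildcard 1-bits are "don't care"
    return (value & care) == (base & care)

def evaluate(route, rules=parse(ACL_180)):
    """Return 'permit' or 'deny' for a route such as '10.1.0.0/16' (first match wins)."""
    net = ipaddress.IPv4Network(route)
    for action, net_spec, mask_spec in rules:
        if _match(int(net.network_address), net_spec) and _match(int(net.netmask), mask_spec):
            return action
    return "deny"   # implicit deny at the end of every IOS access list
```

`evaluate("10.1.0.0/16")` and `evaluate("198.51.100.128/25")` return `deny`, while `evaluate("198.51.100.0/24")` returns `permit`. `evaluate("10.0.0.0/7")` also returns `permit`: each entry requires the netmask to be at least as long as the one listed, so a shorter covering aggregate is not matched by the 10/8 entry.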




