Network Operators and smurf
Christopher Neill
chrisn+spam at iagnet.net
Fri Apr 24 23:04:32 UTC 1998
On Fri, Apr 24, 1998 at 06:39:28PM -0400, Dean Anderson wrote:
> At 5:53 PM -0400 4/24/98, Jay R. Ashworth wrote:
>
> >It's been my understanding that the knobs are in fact _not_ there,
> >Dean, but I'd be happy to be proven wrong.
>
> On your outbound interface(s):
>
> access-list 101 permit ip <yournet-1> any out
> access-list 101 permit ip <yournet-2> any out
> ...
> access-list 101 deny ip any any out
>
> This allows only packets sourced from your networks to be sent.
>
> Or, another perhaps better way is to only accept packets from your customer
> networks which are sourced from those networks. Each customer interface
> then has an inbound filter the blocks everything not sourced from your
> customers network.
>
> --Dean
And conversely, ..:
acce 102 deny ip <yournet> any
acce 102 perm ip any any
in s0
ip access-g 102 in
--
Christopher M Neill -- Network Operations
QualNet - We Make the Internet Work for Your Business.(sm)
DID: 216-902-5460, Office: 800-466-0088, Fax: 216-623-3566
http://www.qual.net
More information about the NANOG
mailing list