Best practice ACLs for a internet facing border router?

matthew zeier mrz at velvet.org
Mon Jun 13 18:22:26 UTC 2005




Drew Weaver wrote:
> 	I'm just curious if anyone has ever published a list of what is
> an agreed upon best practice list of ACLs for an internet facing border
> router. I'm talking about things like bogons, private Ip addresses, et
> cetera. If anyone is aware of anything like this I'd like to see it.

Depending on your flavor of router, you might need to take multiple approaches.

On my 12000s, I'm only using RACLs (beyond prefix filtering) and do more 
specific ACLs closer down to the "core".

--
matthew zeier - "Curiosity is a willing, a proud, an eager confession
of ignorance." - Leonard Rubenstein



More information about the NANOG mailing list