Best practice ACLs for a internet facing border router?
matthew zeier
mrz at velvet.org
Mon Jun 13 18:22:26 UTC 2005
Drew Weaver wrote:
> I'm just curious if anyone has ever published a list of what is
> an agreed upon best practice list of ACLs for an internet facing border
> router. I'm talking about things like bogons, private Ip addresses, et
> cetera. If anyone is aware of anything like this I'd like to see it.
Depending on your flavor of router, you might need to take multiple approaches.
On my 12000s, I'm only using RACLs (beyond prefix filtering) and do more
specific ACLs closer down to the "core".
--
matthew zeier - "Curiosity is a willing, a proud, an eager confession
of ignorance." - Leonard Rubenstein
More information about the NANOG
mailing list