Firewalls in service provider environments

Suresh Ramasubramanian ops.lists at gmail.com
Tue Feb 7 19:47:41 CST 2012


On Wed, Feb 8, 2012 at 4:04 AM, George Bonser <gbonser at seven.com> wrote:
> I typically also include traffic to/from:
>
> TCP/UDP port 0
> 169.254.0.0/16
> 192.0.2.0/24
> 198.51.100.0/24
> 203.0.113.0/24
>
> Been wondering if I should also block 198.18.0.0/15 as well.

suresh at frodo 17:46:08 :~$ nslookup 1.113.0.203.bogons.cymru.com
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
Name:   1.113.0.203.bogons.cymru.com
Address: 127.0.0.2

Also available as a BGP feed, for years now. Saves you updating your
martian ACLs from time to time.

-- 
Suresh Ramasubramanian (ops.lists at gmail.com)
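
The lookup shown in the reply above, as an added Python example that is not part of the original post: it builds the reversed-octet query name for bogons.cymru.com and reports addresses where a hand-maintained prefix list and the zone disagree. The function names are hypothetical, the stub resolver and its contents are constructed for offline use, and treating a failed lookup as "not listed" is an assumption.

```python
import ipaddress
import socket

ZONE = "bogons.cymru.com"  # zone queried in the post
# Prefixes from the quoted message, standing in for a hand-maintained ACL.
STATIC = [ipaddress.ip_network(p) for p in (
    "169.254.0.0/16", "192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24")]

def bogon_qname(ip):
    """Reverse the IPv4 octets and append the zone, as in the nslookup."""
    addr = ipaddress.IPv4Address(ip)  # ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + ZONE

def listed_in_zone(ip, resolve=socket.gethostbyname):
    """True if the zone answers with a 127.0.0.0/8 address for ip."""
    qname = bogon_qname(ip)
    try:
        answer = ipaddress.IPv4Address(resolve(qname))
    except (socket.gaierror, ValueError):
        # Assumption: no answer means "not listed". gaierror also covers
        # resolver outages, so this check fails open if DNS is down.
        return False
    return answer in ipaddress.ip_network("127.0.0.0/8")

def audit(addresses, resolve=socket.gethostbyname):
    """Return (ip, in_static, in_zone) wherever the two sources disagree."""
    drift = []
    for ip in addresses:
        static = any(ipaddress.IPv4Address(ip) in net for net in STATIC)
        zone = listed_in_zone(ip, resolve)
        if static != zone:
            drift.append((ip, static, zone))
    return drift

def stub_resolver(listed_ips):
    """Constructed stand-in for DNS so the example runs offline."""
    names = {bogon_qname(ip) for ip in listed_ips}
    def resolve(name):
        if name in names:
            return "127.0.0.2"
        raise socket.gaierror("no such name (constructed)")
    return resolve

if __name__ == "__main__":
    # Constructed zone contents, not real feed data.
    fake = stub_resolver(["203.0.113.1", "198.18.0.1"])
    print(audit(["203.0.113.1", "198.18.0.1", "8.8.8.8"], fake))
```

Calling `audit()` without the `resolve` argument uses the system resolver instead of the stub.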



More information about the NANOG mailing list