Firewalls in service provider environments

• Previous message (by thread): Firewalls in service provider environments
• Next message (by thread): Firewalls in service provider environments
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2012.02.07 20:47, Suresh Ramasubramanian wrote:
> On Wed, Feb 8, 2012 at 4:04 AM, George Bonser<gbonser at seven.com>  wrote:
>> I typically also include traffic to/from:
>>
>> TCP/UDP port 0
>> 169.254.0.0/16
>> 192.0.2.0/24
>> 198.51.100.0/24
>> 203.0.113.0/24
>>
>> Been wondering if I should also block 198.18.0.0/15 as well.
>
> suresh at frodo 17:46:08 :~$ nslookup 1.113.0.203.bogons.cymru.com
> Server:         127.0.0.1
> Address:        127.0.0.1#53
>
> Non-authoritative answer:
> Name:   1.113.0.203.bogons.cymru.com
> Address: 127.0.0.2
>
> Also available as a bgp feed, for years now.   Saves you updating your
> martian ACLs from time to time.

Amen. v4 and v6 lists are available via free BGP feed (via v4 and v6 
peering) from Cymru. Dynamic simplicity within community's finest standards.

Works wonders for those who have s/RTBH deployed.

• Previous message (by thread): Firewalls in service provider environments
• Next message (by thread): Firewalls in service provider environments
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]