You don't need a tool. People already have provisioning/configuration tools or are doing it by hand. Whichever is the case, just add a rule to your customer's interface. You know when you configure the interface what the mask is and what the broadcast is. All you need to do is add an access list entry which applies to that customer's interface.

The only real problem with this approach is customers which have large blocks. If you have a /16, you are almost certainly not using x.y.255.255 as a broadcast. It is hard to know or predict what their subnet strategy might be, but for such customers, you probably don't really need to worry, and can expect a higher clue level from them. They can put their own filters in place.

--Dean

At 03:41 PM 12/1/1998 -0500, Jon Zeeff wrote:
Who is willing to write a tool to do broadcast address discovery and access-list generation? Ideally with a config file that would allow one to avoid serious self smurfing (i.e., ranges to check and patterns to assume are broadcasts without trying them).
Filtering broadcast addresses is pretty ugly. Consider that a single Class C broken down into /30's can have 64 broadcast addresses. Maybe if it was just filtering your own assigned subnets, it would be possible, but this also applies to customer-subnetted broadcast addresses, so you'd have to coordinate your filter with every one of your customers, every time they change subnets. Not impossible, but pretty close.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Plain Aviation, Inc                  dean@av8.com
LAN/WAN/UNIX/NT/TCPIP                http://www.av8.com
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
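
Added example, not part of the original message: a Python sketch of the per-interface rule generation described in the reply above, deriving the broadcast address from each interface's address and mask and emitting Cisco-style extended ACL lines. The interface names, prefixes, ACL numbers and the /16 cutoff for a "large block" are assumptions; the last function counts the broadcasts in the /30 case from the quoted message.

```python
import ipaddress

# Constructed sample input (documentation/private ranges), standing in for
# what a provisioning system already knows about each customer interface.
SAMPLE_INTERFACES = [
    ("Serial0/0", "192.0.2.1/24"),
    ("Serial0/1", "198.51.100.5/30"),
    ("Serial0/2", "10.20.0.1/16"),    # large block, subnet plan unknown
    ("Serial0/3", "203.0.113.8/31"),  # point-to-point, no broadcast
]
LARGE_BLOCK = 16  # assumption: /16 or shorter is left to the customer


def broadcast_of(cidr):
    """Broadcast address implied by an interface address/mask, or None."""
    net = ipaddress.ip_interface(cidr).network
    return None if net.prefixlen >= 31 else net.broadcast_address


def build_acl(name, cidr, acl_number=110):
    """Cisco-style extended ACL lines for one customer interface."""
    net = ipaddress.ip_interface(cidr).network
    lines = [f"! {name} {net}"]
    bcast = broadcast_of(cidr)
    if net.prefixlen <= LARGE_BLOCK:
        lines.append("! large block: customer filters its own subnets")
    elif bcast is not None:
        lines.append(f"access-list {acl_number} deny ip any host {bcast}")
    lines.append(f"access-list {acl_number} permit ip any any")
    return lines


def broadcasts_if_subnetted(block, new_prefix):
    """Every broadcast address when `block` is cut into /new_prefix subnets."""
    subnets = ipaddress.ip_network(block).subnets(new_prefix=new_prefix)
    return [s.broadcast_address for s in subnets]


if __name__ == "__main__":
    # One ACL number per interface so each list is applied on its own.
    for n, (name, cidr) in enumerate(SAMPLE_INTERFACES, start=110):
        print("\n".join(build_acl(name, cidr, acl_number=n)))
    # The /30 case from the quoted message: one /24 cut into /30s.
    print(len(broadcasts_if_subnetted("192.0.2.0/24", 30)), "broadcast addresses")
```
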