26 Sep
2016
26 Sep
'16
2:55 p.m.
Re Stephen,
So, to beat that horse to a fare-thee-well, to be BCP38 compliant I need, on every interface sending packets out to the internet, to block any source address matching a subnet in the BOGON list OR not matching any of my routeable network subnets? Plus add null-route entries for all the BOGONs in my routing table so I don't send a bad destination packet to my upstream?
The correct way to implement this is - outgoing permit my allocated address blocks as source addresses - outgoing deny EVERYTHING (else) Elmar.