| |||||||||||||||||
|
You can also use Unicast Reverse Path Forwarding. RPF is more efficient than ACLs, and has the added advantage of not requiring maintenance. In a nutshell, if your router has a route to a prefix in its local RIB, then incoming packets from a border interface having a matching source IP will be dropped.
RPF has knobs and dials to make it work for various ISP environments. Implement it carefully (as is be standing next to the router involved :