RE: Firewalls in service provider environments

7 Feb 2012

      ...
Here is the template we typically use (or a variant of it):
<-- snippet -->
access-list 102 deny   ip 10.0.0.0 0.255.255.255 any
access-list 102 deny   ip 172.16.0.0 0.15.255.255 any
access-list 102 deny   ip 192.168.0.0 0.0.255.255 any
access-list 102 deny   ip 0.0.0.0 0.255.255.255 any
access-list 102 deny   ip 127.0.0.0 0.255.255.255 any
access-list 102 deny   ip 224.0.0.0 15.255.255.255 any
access-list 102 deny   ip host 255.255.255.255 any
I typically also include traffic to/from:

TCP/UDP port 0
169.254.0.0/16
192.0.2.0/24
198.51.100.0/24
203.0.113.0/24

Been wondering if I should also block 198.18.0.0/15 as well.

RE: Firewalls in service provider environments

George Bonser