Much thanks to everyone for their input. Greg, since you have "Cisco" in your email address, any comment on whether sending packets to a null interface is a quicker / more efficient way blocking unwanted traffic ? gw-internet is a little old 68030, with 1MB RAM.
-----BEGIN PGP SIGNED MESSAGE-----
At 03:05 PM 8/12/97 -0400, C. Jon Larsen wrote:
gw-internet#show access-lists 120 Extended IP access list 120 deny ip any 10.0.0.0 0.255.255.255 log deny ip any 172.16.0.0 0.0.255.255 log deny ip any 172.17.0.0 0.0.255.255 log deny ip any 192.168.0.0 0.0.255.255 log permit ip a.b.c.0 0.0.0.255 any (27429 matches) deny ip any any log
Line 2 and 3 could be replaced by deny ip any 172.16.0.0 0.15.255.255 log
which would block all 172.16.0.0-172.31.0.0 as per the RFC.
You might also want to block 127.0.0.0.
GK
-----BEGIN PGP SIGNATURE----- Version: PGP for Personal Privacy 5.0 Charset: noconv
iQEVAwUBM/DBxW384++etaQJAQGlwAgAoVjoB5EZCaYjzvmwWaVeO5zOPTipegDE 0TX2Xg2L5yIClAeiWD4f0T4E4jCH5BtSwoitlu9fcHlsPo4VRwOutQssIJHL+sUR Ps1NEot6pwOu+slCwklLhqVwyouv0UHI0Fxal5aCM65X+WNH8+5HvE9g4uBQp8A6 o6HzM++69FKwg8pdQ82HNnjToVZxsqwH41HNSHC0HjLvJG+uZPBFlzLEdnvkNSRg fikSERpnZAa+QzpTRjtTcK3XC2DEYGAi0wifn9mbyRav9xenzvNl+rUV5Fg/jbFS jDFhiLFJc/7o3Y5+9HoA9keBEqeFMle86BGjX09C1FKLtPnVhTwSpQ== =ZNYx -----END PGP SIGNATURE-----
Linux. +-------------------+---------------------+ | C. Jon Larsen | jlarsen@ajtech.com | | Systems Engineer | Tel: 804.353.2800 | | A&J Technologies | | |-------------------+---------------------| | http://www.ajtech.com | +-----------------------------------------+