At 10:16 AM 6/13/2005, Frotzler, Florian wrote:

ftp://ftp-eng.cisco.com/cons/isp/security/Ingress-Prefix-Filter-Template s/

Florian

The original question didn't specify whether the interest was prefixes or packet filters. For packet filtering, the above URL is not going to help, but a read of BCP38 would be in order. Edge sites with no downstreams can very easily filter the source addresses leaving their network and ensure no bogus-sourced packets leave, be they RFC1918, or spoofs.

...

-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Drew Weaver Sent: Montag, 13. Juni 2005 16:28 To: nanog@merit.edu Subject: Best practice ACLs for a internet facing border router?

I'm just curious if anyone has ever published a list of what is an agreed upon best practice list of ACLs for an internet facing border router. I'm talking about things like bogons, private Ip addresses, et cetera. If anyone is aware of anything like this I'd like to see it.

Thanks, -Drew