Protection ACL for WAN INTERFACE

An protection ACL for WAN interfaces

ip access-list extended PERIMETER-IN
 remark ANTI-SPOOFING
 deny   ip INTERNAL NETWORKS any
 remark BROADCAST
 deny   ip 0.0.0.0 0.255.255.255 any
 remark RFC 1918 - private networks
 deny   ip 10.0.0.0 0.255.255.255 any
 deny   ip 172.16.0.0 0.15.255.255 any
 deny   ip 192.168.0.0 0.0.255.255 any 
 remark RFC 5735 - Special Use IPv4 Addresses
 deny   ip 127.0.0.0 0.255.255.255 any
 deny   ip 169.254.0.0 0.0.255.255 any
 deny   ip 192.0.2.0 0.0.0.255 any
 deny   ip 198.18.0.0 0.1.255.255 any
 deny   ip 198.51.100.0 0.0.0.255 any
 deny   ip 203.0.113.0 0.0.0.255 any
 deny   ip 224.0.0.0 31.255.255.255 any
 permit ...

Leave a Reply

Your email address will not be published. Required fields are marked *