From owner-freebsd-security Tue Aug 18 15:59:01 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id PAA21756 for freebsd-security-outgoing; Tue, 18 Aug 1998 15:59:01 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: (from jmb@localhost) by hub.freebsd.org (8.8.8/8.8.8) id PAA21681; Tue, 18 Aug 1998 15:58:42 -0700 (PDT) (envelope-from jmb) From: "Jonathan M. Bresler" Message-Id: <199808182258.PAA21681@hub.freebsd.org> Subject: Re: private network on router's external NIC? In-Reply-To: <738.903414941@critter.freebsd.dk> from Poul-Henning Kamp at "Aug 18, 98 06:35:41 am" To: phk@critter.freebsd.dk (Poul-Henning Kamp) Date: Tue, 18 Aug 1998 15:58:42 -0700 (PDT) Cc: jaitken@dimension.net, sthaug@nethelp.no, girgen@partitur.se, freebsd-security@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL32 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Poul-Henning Kamp wrote: > But any moderately experienced BGP-gaffer will know not to accept any > routes for: > > neighbor x.x.x.x distribute-list 4 in > > access-list 4 deny 0.0.0.0 > access-list 4 deny 10.0.0.0 0.255.255.255 > access-list 4 deny 172.16.0.0 0.0.15.255 > access-list 4 deny 192.168.0.0 0.0.255.255 > access-list 4 deny 127.0.0.0 0.255.255.255 > access-list 4 deny > access-list 4 deny > access-list 4 deny > and any ISP worth a damn will filter the BGP adverts it accepts from each of its customers...allowing customers to advert their own networks *only* jmb To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message