Date: Tue, 18 Aug 1998 15:58:42 -0700 (PDT) From: "Jonathan M. Bresler" <jmb> To: phk@critter.freebsd.dk (Poul-Henning Kamp) Cc: jaitken@dimension.net, sthaug@nethelp.no, girgen@partitur.se, freebsd-security@FreeBSD.ORG Subject: Re: private network on router's external NIC? Message-ID: <199808182258.PAA21681@hub.freebsd.org> In-Reply-To: <738.903414941@critter.freebsd.dk> from Poul-Henning Kamp at "Aug 18, 98 06:35:41 am"
next in thread | previous in thread | raw e-mail | index | archive | help
Poul-Henning Kamp wrote: > But any moderately experienced BGP-gaffer will know not to accept any > routes for: > > neighbor x.x.x.x distribute-list 4 in > > access-list 4 deny 0.0.0.0 > access-list 4 deny 10.0.0.0 0.255.255.255 > access-list 4 deny 172.16.0.0 0.0.15.255 > access-list 4 deny 192.168.0.0 0.0.255.255 > access-list 4 deny 127.0.0.0 0.255.255.255 > access-list 4 deny <mynet0> <mynetmask0> > access-list 4 deny <mynet1> <mynetmask1> > access-list 4 deny <mynet2> <mynetmask2> > and any ISP worth a damn will filter the BGP adverts it accepts from each of its customers...allowing customers to advert their own networks *only* jmb To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199808182258.PAA21681>