Date:      Mon, 24 Jun 1996 08:51:39 -0500 (CDT)
From:      Joe Greco <jgreco@brasil.moneng.mei.com>
To:        guido@gvr.win.tue.nl (Guido van Rooij)
Cc:        jkh@time.cdrom.com, hackers@FreeBSD.ORG, security@FreeBSD.ORG, ache@FreeBSD.ORG
Subject:   Re: I need help on this one - please help me track this guy down!
Message-ID:  <199606241351.IAA05446@brasil.moneng.mei.com>
In-Reply-To: <199606240822.KAA12148@gvr.win.tue.nl> from "Guido van Rooij" at Jun 24, 96 10:22:12 am

> > How do you install such things on a cisco 2500? :-) Seriously, if
> > there's a way then I can get someone from cisco to help me out, but I
> > first need to know that it's even a reasonable request.
> 
> Put an access group *in*. On the interface to your ISP. Deny all
> packets originating from ip numbers on your internal network. 
> Allow anything else.

Better yet, do not allow just "anything" else...

I block the RFC1597 "private internets" and 127.0.0.0/8 and 0.0.0.0/8 on
both inbound and outbound filters, in addition to blocking inbound addresses
with my network numbers..  basically they don't survive my routers :-)

I don't have a Cisco manual handy, I do remember that the syntax is a bit
grungy, but very flexible.

Note: IIRC, the CPU on a 2500 is about as fast as a VW bug.  You might be
better off getting a PC, running FreeBSD, and doing a firewall on that  ;-)
You could even dump the 2500 in favor of one of ET's sync serial cards.

... Joe

-------------------------------------------------------------------------------
Joe Greco - Systems Administrator			      jgreco@ns.sol.net
Solaria Public Access UNIX - Milwaukee, WI			   414/546-7968
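
The filter policy described in the message above, modelled as an added example (not part of the original e-mail and not router configuration). The 192.0.2.0/24 local network, the function name `check_packet`, and matching the unroutable ranges on destination as well as source are assumptions made for illustration.

```python
import ipaddress

# Assumption: 192.0.2.0/24 is a placeholder for "my network numbers".
LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]

# Ranges named in the message: RFC 1597 private space, 127/8 and 0/8.
NEVER_ROUTED = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "0.0.0.0/8")]


def _matches(addr, nets):
    return any(addr in net for net in nets)


def check_packet(direction, src, dst):
    """Return (verdict, reason) for a packet on the ISP-facing interface.

    direction is "in" (from the ISP) or "out" (towards the ISP).
    """
    if direction not in ("in", "out"):
        raise ValueError("direction must be 'in' or 'out'")
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # Applied in both directions. Matching on destination as well as
    # source is an assumption; the message does not say which field.
    if _matches(s, NEVER_ROUTED):
        return "deny", "source in private/loopback/0 range"
    if _matches(d, NEVER_ROUTED):
        return "deny", "destination in private/loopback/0 range"
    # Inbound only: traffic arriving from outside must not carry
    # one of our own addresses as its source.
    if direction == "in" and _matches(s, LOCAL_NETS):
        return "deny", "inbound packet claims a local source"
    return "permit", "no deny rule matched"


# Constructed sample packets: (direction, source, destination).
SAMPLES = [
    ("in", "192.0.2.45", "192.0.2.10"),     # spoofed internal source
    ("in", "10.1.2.3", "192.0.2.10"),       # RFC 1597 source from outside
    ("in", "198.51.100.7", "192.0.2.10"),   # ordinary external host
    ("out", "192.0.2.10", "198.51.100.7"),  # ordinary outbound traffic
    ("out", "192.0.2.10", "172.16.5.5"),    # leak towards private space
    ("out", "127.0.0.1", "198.51.100.7"),   # loopback source escaping
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, "->", check_packet(*pkt))
```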


