|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Network Operators and smurf
On Fri, Apr 24, 1998 at 06:39:28PM -0400, Dean Anderson wrote: > At 5:53 PM -0400 4/24/98, Jay R. Ashworth wrote: > > >It's been my understanding that the knobs are in fact _not_ there, > >Dean, but I'd be happy to be proven wrong. > > On your outbound interface(s): > > access-list 101 permit ip <yournet-1> any out > access-list 101 permit ip <yournet-2> any out > ... > access-list 101 deny ip any any out > > This allows only packets sourced from your networks to be sent. > > Or, another perhaps better way is to only accept packets from your customer > networks which are sourced from those networks. Each customer interface > then has an inbound filter the blocks everything not sourced from your > customers network. > > --Dean And conversely, ..: acce 102 deny ip <yournet> any acce 102 perm ip any any in s0 ip access-g 102 in -- Christopher M Neill -- Network Operations QualNet - We Make the Internet Work for Your Business.(sm) DID: 216-902-5460, Office: 800-466-0088, Fax: 216-623-3566 http://www.qual.net
|