Bogon Ip

Una buona “regola” da inserise nel set di access-list del vostro firewall e’ quella di non accettare traffico dalla interfaccia Wan proveniente da indirizzi di rete privata (RFC-1918), da indirizzi riservati o non ancora assegnati. Ecco la bogon list che vi proponiamo:

deny ip 0.0.0.0 1.255.255.255 any log-input
deny ip 2.0.0.0 0.255.255.255 any log-input
deny ip 5.0.0.0 0.255.255.255 any log-input
deny ip 7.0.0.0 0.255.255.255 any log-input
deny ip 10.0.0.0 0.255.255.255 any log-input
deny ip 23.0.0.0 0.255.255.255 any log-input
deny ip 27.0.0.0 0.255.255.255 any log-input
deny ip 31.0.0.0 0.255.255.255 any log-input
deny ip 36.0.0.0 1.255.255.255 any log-input
deny ip 39.0.0.0 0.255.255.255 any log-input
deny ip 41.0.0.0 0.255.255.255 any log-input
deny ip 42.0.0.0 0.255.255.255 any log-input
deny ip 49.0.0.0 0.255.255.255 any log-input
deny ip 50.0.0.0 0.255.255.255 any log-input
deny ip 58.0.0.0 1.255.255.255 any log-input
deny ip 60.0.0.0 0.255.255.255 any log-input
deny ip 70.0.0.0 1.255.255.255 any log-input
deny ip 72.0.0.0 7.255.255.255 any log-input
deny ip 82.0.0.0 1.255.255.255 any log-input
deny ip 84.0.0.0 3.255.255.255 any log-input
deny ip 88.0.0.0 7.255.255.255 any log-input
deny ip 96.0.0.0 31.255.255.255 any log-input
deny ip 169.254.0.0 0.0.255.255 any log-input
deny ip 172.16.0.0 0.15.255.255 any log-input
deny ip 192.0.2.0 0.0.0.255 any log-input
deny ip 192.168.0.0 0.0.255.255 any log-input
deny ip 197.0.0.0 0.255.255.255 any log-input
deny ip 198.18.0.0 0.1.255.255 any log-input
deny ip 201.0.0.0 0.255.255.255 any log-input
deny ip 222.0.0.0 1.255.255.255 any log-input
deny ip 224.0.0.0 31.255.255.255 any log-input

top