{"id":34,"date":"2009-06-22T20:50:45","date_gmt":"2009-06-22T18:50:45","guid":{"rendered":"http:\/\/www.ospf.it\/?page_id=34"},"modified":"2009-06-23T00:00:00","modified_gmt":"2009-06-22T22:00:00","slug":"bogon-ip","status":"publish","type":"page","link":"https:\/\/www.ospf.it\/bogon-ip\/","title":{"rendered":"Bogon Ip"},"content":{"rendered":"

Una buona “regola” <\/strong> da inserise nel set di access-list del vostro firewall e’ quella di non accettare traffico dalla interfaccia Wan proveniente da indirizzi di rete privata (RFC-1918), da indirizzi riservati o non ancora assegnati. Ecco la bogon list<\/strong> che vi proponiamo:<\/p>\n

deny ip 0.0.0.0 1.255.255.255 any log-input\r\ndeny ip 2.0.0.0 0.255.255.255 any log-input\r\ndeny ip 5.0.0.0 0.255.255.255 any log-input\r\ndeny ip 7.0.0.0 0.255.255.255 any log-input\r\ndeny ip 10.0.0.0 0.255.255.255 any log-input\r\ndeny ip 23.0.0.0 0.255.255.255 any log-input\r\ndeny ip 27.0.0.0 0.255.255.255 any log-input\r\ndeny ip 31.0.0.0 0.255.255.255 any log-input\r\ndeny ip 36.0.0.0 1.255.255.255 any log-input\r\ndeny ip 39.0.0.0 0.255.255.255 any log-input\r\ndeny ip 41.0.0.0 0.255.255.255 any log-input\r\ndeny ip 42.0.0.0 0.255.255.255 any log-input\r\ndeny ip 49.0.0.0 0.255.255.255 any log-input\r\ndeny ip 50.0.0.0 0.255.255.255 any log-input\r\ndeny ip 58.0.0.0 1.255.255.255 any log-input\r\ndeny ip 60.0.0.0 0.255.255.255 any log-input\r\ndeny ip 70.0.0.0 1.255.255.255 any log-input\r\ndeny ip 72.0.0.0 7.255.255.255 any log-input\r\ndeny ip 82.0.0.0 1.255.255.255 any log-input\r\ndeny ip 84.0.0.0 3.255.255.255 any log-input\r\ndeny ip 88.0.0.0 7.255.255.255 any log-input\r\ndeny ip 96.0.0.0 31.255.255.255 any log-input\r\ndeny ip 169.254.0.0 0.0.255.255 any log-input\r\ndeny ip 172.16.0.0 0.15.255.255 any log-input\r\ndeny ip 192.0.2.0 0.0.0.255 any log-input\r\ndeny ip 192.168.0.0 0.0.255.255 any log-input\r\ndeny ip 197.0.0.0 0.255.255.255 any log-input\r\ndeny ip 198.18.0.0 0.1.255.255 any log-input\r\ndeny ip 201.0.0.0 0.255.255.255 any log-input\r\ndeny ip 222.0.0.0 1.255.255.255 any log-input\r\ndeny ip 224.0.0.0 31.255.255.255 any log-input<\/pre>\n","protected":false},"excerpt":{"rendered":"
Una buona “regola” da inserise nel set di access-list del vostro firewall e’ quella di non accettare traffico dalla interfaccia Wan proveniente da indirizzi di rete privata (RFC-1918), da indirizzi riservati o non ancora assegnati. Ecco la bogon list che vi proponiamo: deny ip 0.0.0.0 1.255.255.255 any log-input deny ip 2.0.0.0 0.255.255.255 any log-input deny […]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":2,"comment_status":"open","ping_status":"open","template":"","meta":{"footnotes":""},"_links":{"self":[{"href":"https:\/\/www.ospf.it\/wp-json\/wp\/v2\/pages\/34"}],"collection":[{"href":"https:\/\/www.ospf.it\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.ospf.it\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.ospf.it\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ospf.it\/wp-json\/wp\/v2\/comments?post=34"}],"version-history":[{"count":3,"href":"https:\/\/www.ospf.it\/wp-json\/wp\/v2\/pages\/34\/revisions"}],"predecessor-version":[{"id":36,"href":"https:\/\/www.ospf.it\/wp-json\/wp\/v2\/pages\/34\/revisions\/36"}],"wp:attachment":[{"href":"https:\/\/www.ospf.it\/wp-json\/wp\/v2\/media?parent=34"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}