 From:  Don Munyak <don dot munyak at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Blocking inbound traffic
 Date:  Thu, 11 Aug 2005 16:52:04 -0400
We have a cisco 1720 border router currently configured to do nothing
but route packets. No filtering. I have been thinking about putting an
"INGRESS" acl list on the serial link to block bogus inbound packets.

http://www.iana.org/assignments/ipv4-address-space

access-list 101 deny ip 0.0.0.0 0.255.255.255 any log-input
access-list 101 deny ip 1.0.0.0 0.255.255.255 any log-input
access-list 101 deny ip 2.0.0.0 0.255.255.255 any log-input
access-list 101 deny ip 5.0.0.0 0.255.255.255 any log-input
{snip}

But instead of applying an "EGRESS" acl to the same cisco serial link,
I was thinking of entering these filters to the LAN & DMZ link of
m0n0wall. I am thinking that if some rogue application is trying to
phone home, by applying the filter to the m0n0wall link(s), I can see
which local host is passing the bad packets. Or would I just apply the
filters to the WAN link?

access-list 102 deny ip any 0.0.0.0 0.255.255.255 log-input
access-list 102 deny ip any 1.0.0.0 0.255.255.255 log-input
access-list 102 deny ip any 2.0.0.0 0.255.255.255 log-input
access-list 102 deny ip any 5.0.0.0 0.255.255.255 log-input
{snip}

Our layout looks like this

--(s0)1720(e0)------m0n0wall----LAN
                       |
                       |
                      DMZ

What are your thoughts?

Thanks,
-Don
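The post compares two placements of the same bogon filter: ingress on the router (match on source) and egress on the m0n0wall LAN/DMZ side (match on destination, so the hit can be tied to an internal host). The script below is an added example, not code from the post, from m0n0wall or from Cisco IOS: it parses the post's ACL syntax (address plus Cisco wildcard mask, first-match semantics with an implicit deny), then runs constructed flow records through both lists. The flows, host addresses and interface names are made up for the demonstration. Note that 1/8, 2/8 and 5/8 were unallocated when the post was written but have since been assigned by IANA, so the prefixes here are kept only to mirror the post; a live bogon list has to be refreshed from IANA rather than hard-coded. m0n0wall rules are entered through its web interface, not in this syntax; the point of the example is the matching logic and the per-host attribution, which carry over.

```python
"""Added example: evaluate the post's Cisco-style ingress/egress ACLs against
constructed flow records and attribute egress denials to the internal host.
Not m0n0wall or IOS code; flows and addresses are constructed."""
import ipaddress
import re
from collections import defaultdict

# Constructed ACL text modelled on the post.  The explicit "permit ip any any"
# at the end is what a real ACL needs, because IOS applies an implicit deny.
# The /8 prefixes below were bogons in 2005 and are no longer; refresh from IANA.
INGRESS_ACL = """
access-list 101 deny ip 0.0.0.0 0.255.255.255 any log-input
access-list 101 deny ip 1.0.0.0 0.255.255.255 any log-input
access-list 101 deny ip 2.0.0.0 0.255.255.255 any log-input
access-list 101 deny ip 5.0.0.0 0.255.255.255 any log-input
access-list 101 permit ip any any
"""

EGRESS_ACL = """
access-list 102 deny ip any 0.0.0.0 0.255.255.255 log-input
access-list 102 deny ip any 1.0.0.0 0.255.255.255 log-input
access-list 102 deny ip any 2.0.0.0 0.255.255.255 log-input
access-list 102 deny ip any 5.0.0.0 0.255.255.255 log-input
access-list 102 permit ip any any
"""

ACL_RE = re.compile(
    r"^access-list\s+(?P<num>\d+)\s+(?P<action>permit|deny)\s+ip\s+"
    r"(?P<src>any|\S+\s+\S+)\s+(?P<dst>any|\S+\s+\S+)"
)


def wildcard_to_network(addr, wildcard):
    """Cisco wildcard bits are the bitwise inverse of a subnet mask."""
    mask_int = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard))
    mask = str(ipaddress.IPv4Address(mask_int))
    # ipaddress rejects non-contiguous masks, which cannot be a prefix anyway.
    return ipaddress.IPv4Network((addr, mask), strict=False)


def parse_field(field):
    """'any' becomes None (matches everything); otherwise addr + wildcard."""
    if field == "any":
        return None
    addr, wildcard = field.split()
    return wildcard_to_network(addr, wildcard)


def parse_acl(text):
    rules = []
    for line in text.strip().splitlines():
        m = ACL_RE.match(line.strip())
        if not m:
            raise ValueError(f"unparsed ACL line: {line!r}")
        rules.append((m["action"], parse_field(m["src"]), parse_field(m["dst"])))
    return rules


def evaluate(rules, src, dst):
    """First matching entry wins; an empty match list means implicit deny."""
    s, d = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
    for action, src_net, dst_net in rules:
        if (src_net is None or s in src_net) and (dst_net is None or d in dst_net):
            return action
    return "deny"


# Constructed flow records (interface, src, dst), as a firewall might log them.
FLOWS = [
    ("WAN", "1.2.3.4", "203.0.113.10"),       # spoofed bogon source, inbound
    ("WAN", "198.51.100.7", "203.0.113.10"),  # ordinary inbound
    ("LAN", "192.168.1.50", "5.6.7.8"),       # internal host sending to a bogon
    ("LAN", "192.168.1.51", "198.51.100.9"),  # ordinary outbound
    ("DMZ", "192.168.2.20", "2.3.4.5"),       # DMZ host sending to a bogon
]


def ingress_hits(flows, rules):
    """Sources the router-side ingress list would drop and log."""
    return [src for iface, src, dst in flows
            if iface == "WAN" and evaluate(rules, src, dst) == "deny"]


def egress_hits_by_host(flows, rules):
    """Egress denials keyed by the internal host that sent the packet; this
    per-host view is what filtering on the LAN/DMZ side gives you."""
    hits = defaultdict(list)
    for iface, src, dst in flows:
        if iface in ("LAN", "DMZ") and evaluate(rules, src, dst) == "deny":
            hits[src].append((iface, dst))
    return dict(hits)


if __name__ == "__main__":
    print("ingress denied sources:", ingress_hits(FLOWS, parse_acl(INGRESS_ACL)))
    for host, targets in egress_hits_by_host(FLOWS, parse_acl(EGRESS_ACL)).items():
        print(f"{host} -> {targets}")
```

Applied on the WAN side only, the egress list would still drop the same packets, but the log entry would carry the firewall's outside address rather than the originating LAN or DMZ host, which is why the per-interface placement matters for the "which local host" question.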