[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Traffic destined for 100.114.128.0/24
On 9/Apr/20 15:24, Tom Hill wrote:
> Short answer: filter 100.64.0.0/10 from your upstreams, as you would
> 192.168.0.0/16 or 10.0.0.0/8.
I was trying to remind myself what we did back in the day. Looks like
that's been in on our end for yonks:
tinka at all.boxes-re0# show firewall family inet filter filter-incoming
term 10 {
   from {
       source-address {
           10.0.0.0/8;
           100.64.0.0/10;
           127.0.0.0/8;
           169.254.0.0/16;
           172.16.0.0/12;
           192.0.2.0/24;
           192.42.172.0/24;
           192.168.0.0/16;
           198.18.0.0/15;
           198.51.100.0/24;
           203.0.113.0/24;
           41.87.96.0/19;
           41.206.96.0/19;
           41.217.212.0/22;
           105.16.0.0/12;
       }
       destination-address {
           0.0.0.0/0;
       }
   }
   then {
       count filter-incoming-anti-spoofing-counter;
       syslog;
       discard;
   }
}
term 65535 {
   then {
       policy-map UPSTREAM-TRAFFIC-INBOUND;
       forwarding-class best-effort;
       accept;
   }
}
{master}[edit]
tinka at all.boxes-re0#
>
> Longer answers will no doubt be available. :)
As the Afrikaaners say, "Finish & Klaar" :-).
Mark.