Very simple. In MT we do an address list of all valid subnets behind the core routers, this would include any prefixes that you own or use, plus any BGP prefixes learned from your customers. Then a simple, out interface (internet) drop if it's not SRCed from that list. Not exactly iptables, but there ya go.

Dennis Burgess, CTO, Link Technologies, Inc.
[email protected] – 314-735-0270 – www.linktechs.net

From: Af [mailto:[email protected]] On Behalf Of Sean Heskett
Sent: Monday, January 12, 2015 10:25 AM
To: [email protected]
Subject: Re: [AFMUG] BCP38

Hey Mike,

Would you be willing to post an iptables statement that would drop this traffic?

Thanks,
Sean

On Monday, January 12, 2015, Mike Hammett <[email protected]> wrote:

http://www.bcp38.info/index.php/Main_Page

Make sure you implement this in your networks. Drop all outbound traffic to your upstream that is not from valid public IP space.

-----
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com
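For the iptables question in this thread, here is the same address-list approach on a Linux router, as an added example that is not from any of the posters. It assumes IPv4 only, `ipset` and `iptables` installed, `eth0` as the upstream interface, a hypothetical set name, and documentation prefixes standing in for your own and your customers' space.

```shell
#!/bin/sh
# Added example: print ipset/iptables commands for BCP38 egress filtering.
# Nothing is applied here; review the output, then pipe it to sh as root.
SET_NAME="bcp38-valid-src"   # hypothetical set name

# Return 0 if $1 is an IPv4 prefix a.b.c.d/len with len between 1 and 32.
valid_prefix() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; len=${1#*/}
    case "$addr" in ''|*[!0-9.]*|*.) return 1 ;; esac
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    # A /0 entry would match every source and defeat the filter.
    [ "$len" -ge 1 ] && [ "$len" -le 32 ] || return 1
    oldifs=$IFS; IFS=.
    set -- $addr
    IFS=$oldifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in '') return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# bcp38_rules WAN_IF PREFIX...  prints the commands, or fails on bad input.
bcp38_rules() {
    [ "$#" -ge 2 ] || { echo "usage: bcp38_rules WAN_IF PREFIX..." >&2; return 2; }
    wan=$1; shift
    # The output is meant to be run by a shell, so restrict the interface name.
    case "$wan" in ''|*[!A-Za-z0-9._-]*) echo "bad interface: $wan" >&2; return 2 ;; esac
    # Validate every prefix before printing, so no partial ruleset is emitted.
    for p in "$@"; do
        valid_prefix "$p" || { echo "bad prefix: $p" >&2; return 1; }
    done
    echo "ipset create $SET_NAME hash:net -exist"
    for p in "$@"; do
        echo "ipset add $SET_NAME $p -exist"
    done
    # Forwarded traffic leaving via the upstream must be sourced from the set.
    echo "iptables -A FORWARD -o $wan -m set ! --match-set $SET_NAME src -j DROP"
}

# Constructed sample: documentation prefixes in place of real address space.
bcp38_rules eth0 203.0.113.0/24 198.51.100.0/24
```

The rule covers forwarded traffic only; the set has to list customer prefixes learned over BGP as well, or their traffic is dropped at the upstream interface.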
