A logging firewall rule
Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St Suite 1337
Troy, OH 45373

On Tue, Feb 28, 2017 at 9:56 AM, That One Guy /sarcasm <[email protected]> wrote:
> How will that identify unroutable IP space?
>
> On Feb 28, 2017 1:55 AM, "Rob Genovesi" <[email protected]> wrote:
>
> Create a firewall address list of all known good subnets.
> Create a forwarding rule in your firewall to accept known good subnets
> to forward from customer side to WAN side.
> Create a forwarding rule to drop everything else coming from customer
> side to WAN side.
>
> /ip firewall address-list add list="customer" address="x.x.x.x/x"
> /ip firewall address-list add list="customer" address="y.y.y.y/y"
> /ip firewall filter add chain=forward src-address-list="customer"
> in-interface="LAN" out-interface="WAN" action="accept"
> /ip firewall filter add chain=forward in-interface="LAN"
> out-interface="WAN" action="drop"
>
> You could start with a logging rule for unknown traffic first and
> watch for what pops up.
>
> -Rob
>
> On Mon, Feb 27, 2017 at 2:18 PM, That One Guy /sarcasm <[email protected]> wrote:
> > I'm mainly looking for IP space that shouldn't be present, DHCP or not.
> > I can packet sniff and exclude all configured subnets on that bridge, but
> > it's a pain.
> > I didn't know if there was ARP monitor or something along those lines,
> > collecting gratuitous ARPs or something like that.
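Rob suggests starting with a logging rule and watching what pops up; the script below is an added example (not from anyone in this thread) that reads RouterOS firewall log lines produced by such a rule and reports every source IP that falls outside the known-good customer subnets, together with the MAC that sent it. The subnets, interface names, log prefix and log lines are all constructed sample values.

```python
import ipaddress
import re

# Known-good customer subnets (constructed samples standing in for the
# real entries of the "customer" address-list).
KNOWN_SUBNETS = [
    ipaddress.ip_network("10.20.0.0/16"),
    ipaddress.ip_network("172.16.40.0/22"),
]

# Constructed RouterOS log lines as written by a logging rule such as
#   /ip firewall filter add chain=forward in-interface=LAN \
#       src-address-list=!customer action=log log-prefix="UNKNOWN-SRC"
# (prefix and interface names are assumptions, not values from the thread).
SAMPLE_LOG = """\
firewall,info UNKNOWN-SRC forward: in:bridge-cust out:ether1-wan, src-mac 00:11:22:33:44:55, proto TCP (SYN), 192.168.1.50:51234->93.184.216.34:443, len 60
firewall,info UNKNOWN-SRC forward: in:bridge-cust out:ether1-wan, src-mac 00:11:22:33:44:66, proto UDP, 10.20.5.9:53->8.8.8.8:53, len 78
firewall,info UNKNOWN-SRC forward: in:bridge-cust out:ether1-wan, src-mac 00:11:22:33:44:77, proto ICMP (type 8, code 0), 192.168.1.50->1.1.1.1, len 84
firewall,info UNKNOWN-SRC forward: in:bridge-cust out:ether1-wan, src-mac 00:11:22:33:44:88, proto TCP (SYN), 100.64.3.1:40000->203.0.113.7:22, len 60
"""

# Capture the sending MAC and the source address of "src[:port]->dst[:port]".
LINE_RE = re.compile(
    r"src-mac (?P<mac>[0-9a-f:]{17}),.*?"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?->"
)


def unexpected_sources(log_text, known_subnets, prefix="UNKNOWN-SRC"):
    """Return {source_ip: {mac, ...}} for logged packets whose source lies
    outside every known-good subnet, i.e. IP space that should not be on
    the customer bridge. Sources inside a known subnet are ignored even if
    the log rule fired (e.g. a stale address-list)."""
    hits = {}
    for line in log_text.splitlines():
        if prefix not in line:
            continue
        m = LINE_RE.search(line)
        if not m:
            continue
        src = ipaddress.ip_address(m.group("src"))
        if any(src in net for net in known_subnets):
            continue
        hits.setdefault(str(src), set()).add(m.group("mac"))
    return hits


if __name__ == "__main__":
    for ip, macs in sorted(unexpected_sources(SAMPLE_LOG, KNOWN_SUBNETS).items()):
        print(ip, "seen from", ", ".join(sorted(macs)))
```

Feed it the router's log export (or a syslog capture of the `firewall` topic) and the MACs tell you which customer CPE to look at.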
