Hi people, please, if someone can share an ACL to put in a border router (facing the internet) and/or has any comments on this one below (got it somewhere), let me know.
Andrés.-

-------------------------GENERIC ACL----------------------------------
access-list 101 permit tcp any any established
access-list 101 deny udp any any eq netbios-dgm
access-list 101 deny udp any any eq netbios-ns
access-list 101 deny tcp any any eq 139
access-list 101 permit ip any any
!
remark *** bogons (bogus outside networks)
deny ip 0.0.0.0 1.255.255.255 any
deny ip 2.0.0.0 0.255.255.255 any
deny ip 5.0.0.0 0.255.255.255 any
deny ip 7.0.0.0 0.255.255.255 any
deny ip 10.0.0.0 0.255.255.255 any
deny ip 23.0.0.0 0.255.255.255 any
deny ip 27.0.0.0 0.255.255.255 any
deny ip 31.0.0.0 0.255.255.255 any
deny ip 36.0.0.0 1.255.255.255 any
deny ip 39.0.0.0 0.255.255.255 any
deny ip 41.0.0.0 0.255.255.255 any
deny ip 42.0.0.0 0.255.255.255 any
deny ip 49.0.0.0 0.255.255.255 any
deny ip 50.0.0.0 0.255.255.255 any
deny ip 58.0.0.0 1.255.255.255 any
deny ip 60.0.0.0 0.255.255.255 any
deny ip 70.0.0.0 1.255.255.255 any
deny ip 72.0.0.0 7.255.255.255 any
deny ip 82.0.0.0 1.255.255.255 any
deny ip 84.0.0.0 3.255.255.255 any
deny ip 88.0.0.0 7.255.255.255 any
deny ip 96.0.0.0 31.255.255.255 any
deny ip 169.254.0.0 0.0.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 192.0.2.0 0.0.0.255 any
deny ip 192.168.0.0 0.0.255.255 any
deny ip 197.0.0.0 0.255.255.255 any
deny ip 198.18.0.0 0.1.255.255 any
deny ip 201.0.0.0 0.255.255.255 any
deny ip 222.0.0.0 1.255.255.255 any
deny ip 224.0.0.0 31.255.255.255 any
!
remark *** protocols
remark *** legacy small services no longer used
deny tcp any any range 0 19
deny udp any any range 0 19
remark *** snmp
deny tcp any any range 161 162
deny udp any any range 161 162
deny tcp any any eq 199
deny udp any any eq 199
deny tcp any any eq 391
deny udp any any eq 391
deny tcp any any eq 705
deny udp any any eq 705
deny tcp any any eq 1993
deny udp any any eq 1993
remark *** lan-only dhcp and tftp
deny udp any any range 67 69
deny tcp any any range 67 69
remark *** microsoft netbios
deny tcp any any range 135 139
deny udp any any range 135 139
deny tcp any any eq 445
deny udp any any eq 445
remark *** SQLSlammer worm
deny udp any any eq 1434
remark *** unix rpc
deny tcp any any eq 111
deny udp any any eq 111
remark *** lan-only unix services
deny tcp any any range 511 515
deny udp any any range 511 515
remark *** ircd
deny tcp any any eq 6667
deny udp any any eq 6667
remark *** icmp fragments
deny icmp any any fragments
remark *** inbound ping
permit icmp any any echo
remark *** inbound ping response
permit icmp any any echo-reply
remark *** path MTU to function
permit icmp any any packet-too-big
remark *** flow control
permit icmp any any source-quench
remark *** time exceeded messages for traceroute and loops
permit icmp any any time-exceeded
remark *** block all other ICMP packets
deny icmp any any
remark *** permit everything else
permit ip any any
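As an added example (editor's code, not the poster's or any vendor's), here is a small Python checker that applies entries written in the post's "deny ip <network> <wildcard> any" form to a source address using Cisco wildcard-mask semantics, so you can confirm which line a given address hits, and that the first match wins, before loading a list like this on a border router. The bogon subset and the test addresses are constructed for the example.

```python
import ipaddress

# Constructed subset of the bogon entries from the post, in Cisco
# "deny ip <network> <wildcard> any" form. A wildcard is the inverse of a
# netmask: a 1 bit means "don't care", so 0.0.0.0 1.255.255.255 is 0.0.0.0/7.
BOGON_ACL = """
remark *** bogons (constructed subset)
deny ip 0.0.0.0 1.255.255.255 any
deny ip 10.0.0.0 0.255.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 192.0.2.0 0.0.0.255 any
deny ip 192.168.0.0 0.0.255.255 any
deny ip 224.0.0.0 31.255.255.255 any
permit ip any any
"""

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_acl(text):
    """Return (action, network_int, wildcard_int) per entry, in ACL order."""
    rules = []
    for line in text.strip().splitlines():
        parts = line.split()
        if not parts or parts[0] == "remark":
            continue                       # remarks carry no match logic
        action, src = parts[0], parts[2]   # parts[1] is the protocol ("ip")
        if src == "any":
            net, wc = 0, 0xFFFFFFFF        # every bit is "don't care"
        elif src == "host":
            net, wc = to_int(parts[3]), 0  # exact single-address match
        else:
            net, wc = to_int(src), to_int(parts[3])
        rules.append((action, net, wc))
    return rules

def wildcard_match(addr_int, net_int, wc_int):
    """Cisco wildcard semantics: compare only bits that are 0 in the wildcard."""
    care = ~wc_int & 0xFFFFFFFF
    return (addr_int & care) == (net_int & care)

def evaluate(rules, src_ip):
    """First matching entry wins; an ACL with no match denies implicitly."""
    a = to_int(src_ip)
    for action, net, wc in rules:
        if wildcard_match(a, net, wc):
            return action
    return "deny"

RULES = parse_acl(BOGON_ACL)
```

Note that a static bogon list ages: several of the /8 ranges in the post have since been allocated to RIRs, so running current customer prefixes through a checker like this before deployment avoids silently dropping legitimate traffic.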
