Hi,

Yes, but include the Anti-Spoofing. If your IOS support Extended ACL, try this (remove remarks after !);

!

! Extended ACL

ip access-list extended BOGONS

remark Deny All Non-Allocated IPv4 Blocks (Secure BGP Template Version 5.0 29 October 2007).

! Anti-Spoofing. Do not use this if CEF has been configured to take care of Spoofing.

deny ip 208.x.x.x 0.0.3.255 any

! Bogons

deny ip 0.0.0.0 0.255.255.255 any

deny ip 1.0.0.0 0.255.255.255 any

deny ip 2.0.0.0 0.255.255.255 any

deny ip 5.0.0.0 0.255.255.255 any

deny ip 10.0.0.0 0.255.255.255 any

deny ip 23.0.0.0 0.255.255.255 any

deny ip 27.0.0.0 0.255.255.255 any

deny ip 31.0.0.0 0.255.255.255 any

deny ip 36.0.0.0 0.255.255.255 any

deny ip 37.0.0.0 0.255.255.255 any

deny ip 39.0.0.0 0.255.255.255 any

deny ip 42.0.0.0 0.255.255.255 any

deny ip 46.0.0.0 0.255.255.255 any

deny ip 49.0.0.0 0.255.255.255 any

deny ip 50.0.0.0 0.255.255.255 any

deny ip 100.0.0.0 0.255.255.255 any

deny ip 101.0.0.0 0.255.255.255 any

deny ip 102.0.0.0 0.255.255.255 any

deny ip 103.0.0.0 0.255.255.255 any

deny ip 104.0.0.0 0.255.255.255 any

deny ip 105.0.0.0 0.255.255.255 any

deny ip 106.0.0.0 0.255.255.255 any

deny ip 107.0.0.0 0.255.255.255 any

deny ip 108.0.0.0 0.255.255.255 any

deny ip 109.0.0.0 0.255.255.255 any

deny ip 110.0.0.0 0.255.255.255 any

deny ip 111.0.0.0 0.255.255.255 any

deny ip 112.0.0.0 0.255.255.255 any

deny ip 113.0.0.0 0.255.255.255 any

deny ip 127.0.0.0 0.255.255.255 any

deny ip 169.254.0.0 0.0.255.255 any

deny ip 172.16.0.0 0.15.255.255 any

deny ip 173.0.0.0 0.255.255.255 any

deny ip 174.0.0.0 0.255.255.255 any

deny ip 175.0.0.0 0.255.255.255 any

deny ip 176.0.0.0 0.255.255.255 any

deny ip 177.0.0.0 0.255.255.255 any

deny ip 178.0.0.0 0.255.255.255 any

deny ip 179.0.0.0 0.255.255.255 any

deny ip 180.0.0.0 0.255.255.255 any

deny ip 181.0.0.0 0.255.255.255 any

deny ip 182.0.0.0 0.255.255.255 any

deny ip 183.0.0.0 0.255.255.255 any

deny ip 184.0.0.0 0.255.255.255 any

deny ip 185.0.0.0 0.255.255.255 any

deny ip 192.0.2.0 0.0.0.255 any

deny ip 192.168.0.0 0.0.255.255 any

deny ip 197.0.0.0 0.255.255.255 any

deny ip 223.0.0.0 0.255.255.255 any

deny ip 224.0.0.0 31.255.255.255 any

! Drop all ICMP fragments

deny icmp any any fragments

! Allow IP access to the intranet (firewall filters specific ports)

permit ip any 208.x.x.x 0.0.3.255 any

! Allow multicast to enter.

permit ip any 224.0.0.0 15.255.255.255

! Our explicit drop all rule

deny ip any any

!

! ISP-A

Interface FastEthernet0

ip access-group BOGONS in

!

! ISP-B

Interface FastEthernet0

ip access-group BOGONS in

!

end

Regards,

Dandy