03-03-2008 12:51 PM - edited 03-05-2019 09:30 PM
I'm about to put this ACL on a border gateway on my interface to my ISP.
access-list 120 remark Only applied to g0/0
access-list 120 remark Prevents Pings to router
access-list 120 remark Allow Ping from Cogent Ops only
access-list 120 permit icmp 66.28.3.0 0.0.0.255 host 38.112.22.150
access-list 120 permit icmp 66.250.250.0 0.0.0.255 host 38.112.22.150
access-list 120 permit icmp 130.117.19.0 0.0.0.255 host 38.112.22.150
access-list 120 remark denies all other ICMP PINGs
access-list 120 deny icmp any any echo log
access-list 120 deny icmp any any traceroute log
access-list 120 deny ip 10.0.0.0 0.255.255.255 any log
access-list 120 deny ip 172.16.0.0 0.15.255.255 any log
access-list 120 deny ip 192.168.0.0 0.0.255.255 any log
access-list 120 deny ip host 255.255.255.255 any log
access-list 120 deny ip 198.182.xxx.0 0.0.0.255 any log
access-list 120 deny ip 198.182.xxx.0 0.0.0.255 any log
access-list 120 deny ip 198.182.xxx.0 0.0.0.255 any log
access-list 120 permit ip any any
Does anyone see any problems with this one? I'm not very good with ACLs yet.
03-03-2008 12:55 PM
Hi Roland
Looks fine to me. Is this going to be applied inbound on the outside interface of your border router?
Only query is: what are the 198.182.xxx.0 addresses?
Jon
03-03-2008 12:57 PM
It's going to be applied inbound. The 198.182.xxx.0 are my network addresses. I want to do this so my router doesn't accept a packet with a source address of my network from the Internet.
03-03-2008 12:59 PM
Hi
Thanks for the clarification. Perfectly reasonable thing to do.
Jon