Cisco Support Community
New Member

Sanity check on ACL please

I'm about to put this ACL on a border gateway on my interface to my ISP.

access-list 120 remark Only applied to g0/0
access-list 120 remark Prevents Pings to router
access-list 120 remark Allow Ping from Cogent Ops only
access-list 120 permit icmp 66.28.3.0 0.0.0.255 host 38.112.22.150
access-list 120 permit icmp 66.250.250.0 0.0.0.255 host 38.112.22.150
access-list 120 permit icmp 130.117.19.0 0.0.0.255 host 38.112.22.150
access-list 120 remark denies all other ICMP PINGs
access-list 120 deny icmp any any echo log
access-list 120 deny icmp any any traceroute log
access-list 120 deny ip 10.0.0.0 0.255.255.255 any log
access-list 120 deny ip 172.16.0.0 0.15.255.255 any log
access-list 120 deny ip 192.168.0.0 0.0.255.255 any log
access-list 120 deny ip host 255.255.255.255 any log
access-list 120 deny ip 198.182.xxx.0 0.0.0.255 any log
access-list 120 deny ip 198.182.xxx.0 0.0.0.255 any log
access-list 120 deny ip 198.182.xxx.0 0.0.0.255 any log
access-list 120 permit ip any any

Does anyone see any problems with this one? I'm not very good with ACLs yet.

3 REPLIES
Hall of Fame Super Blue

Re: Sanity check on ACL please

Hi Roland

Looks fine to me. Is this going to be applied inbound on the outside interface of your border router?

Only query is what are the 198.182.xxx.0 addresses?

Jon

New Member

Re: Sanity check on ACL please

It's going to be applied inbound. The 198.182.xxx.0 are my network addresses. I want to do this so my router doesn't accept a packet with a source address of my network from the Internet.

Hall of Fame Super Blue

Re: Sanity check on ACL please

Hi

Thanks for the clarification. Perfectly reasonable thing to do.

Jon
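
The first-match evaluation this thread relies on, as an added example that is not part of the original posts: a small Python evaluator for the subset of extended-ACL syntax used in the question, for checking constructed inbound packets against the entries. 198.51.100.0 is a constructed stand-in for the redacted 198.182.xxx.0 networks, and all function names are hypothetical.

```python
import ipaddress

# Poster's entries; 198.51.100.0 is a constructed stand-in for 198.182.xxx.0.
ACL = """
access-list 120 permit icmp 66.28.3.0 0.0.0.255 host 38.112.22.150
access-list 120 permit icmp 66.250.250.0 0.0.0.255 host 38.112.22.150
access-list 120 permit icmp 130.117.19.0 0.0.0.255 host 38.112.22.150
access-list 120 deny icmp any any echo log
access-list 120 deny icmp any any traceroute log
access-list 120 deny ip 10.0.0.0 0.255.255.255 any log
access-list 120 deny ip 172.16.0.0 0.15.255.255 any log
access-list 120 deny ip 192.168.0.0 0.0.255.255 any log
access-list 120 deny ip host 255.255.255.255 any log
access-list 120 deny ip 198.51.100.0 0.0.0.255 any log
access-list 120 permit ip any any
"""
ICMP_TYPES = {"echo": 8, "traceroute": 30}  # IOS keyword -> ICMP type number

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def take_addr(tok):
    """Consume one address spec from tok; return (base, wildcard) integers."""
    first = tok.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return to_int(tok.pop(0)), 0
    return to_int(first), to_int(tok.pop(0))

def parse_line(line):
    tok = line.split()[2:]                  # drop "access-list 120"
    action, proto = tok.pop(0), tok.pop(0)
    src, dst = take_addr(tok), take_addr(tok)
    icmp = next((ICMP_TYPES[t] for t in tok if t in ICMP_TYPES), None)
    return action, proto, src, dst, icmp, line

RULES = [parse_line(l) for l in ACL.strip().splitlines() if " remark " not in l]

def hit(spec, addr):
    # Wildcard bits set to 1 are "don't care"; all other bits must equal base.
    return ((to_int(addr) ^ spec[0]) & ~spec[1] & 0xFFFFFFFF) == 0

def evaluate(rules, proto, src, dst, icmp_type=None):
    """First matching entry wins; an unmatched packet hits the implicit deny."""
    for action, rproto, rsrc, rdst, ricmp, line in rules:
        proto_ok = rproto in ("ip", proto) and ricmp in (None, icmp_type)
        if proto_ok and hit(rsrc, src) and hit(rdst, dst):
            return action, line
    return "deny", "implicit deny"
```

For instance, `evaluate(RULES, "udp", "198.51.100.7", "198.51.100.20")` returns the deny entry for the internal prefix, which is the spoofed-source case described in the thread.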
