Cisco Support Community
New Member

Access List (ACL) to Block Russian and Chinese Nets From Routers

I see people asking if there are premade ACLs to block Chinese and Russian nets from their edge routers. Since I spent so much time creating entries for them based on information received from http://www.ipdeny.com/ipblocks/ I decided to share them. They are in the attached Word Docs.

There are a lot of entries but since it is in a standard ACL it should not tax your routers too greatly.

Sean Odom

Sybex/Wiley Cisco Author

3 REPLIES
Gold

Re: Access List (ACL) to Block Russian and Chinese Nets From Rou

Inline IPS appliances are also good for this sort of thing, especially since they already inspect every packet.

New Member

Re: Access List (ACL) to Block Russian and Chinese Nets From Rou

Well, I'd rather not tax the IPS even further for something that the edge router should be capable of taking care of. Especially since the source of the traffic should be denied at the closest managed point.

If you do not want this traffic coming inbound, closest for some would be the edge router. Others may only have their firewall as the closest manageable point.

Suggestion to those that do not manage their edge router would be to compile a list such as the one listed above. Then send it to your provider requesting they place it on this router. Of course this may become a double-edged sword in a sense. If there is legit traffic from one of these source IP addresses that you identify down the road, it might be a hassle to get the block resolved.

Or, you can also apply these right there on your firewall as well.

Thank you for providing this list!

New Member

Thanks. I'm going through the document but I can't understand why you don't summarize. :)
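The summarization the last reply asks about, as an added example that is not part of the original thread or the attached documents: it collapses adjacent and overlapping prefixes before emitting standard ACL entries with wildcard masks. The one-CIDR-per-line input format, the ACL number 10, and the function names are assumptions, and the sample prefixes are constructed from documentation and benchmark ranges, not real country allocations.

```python
import ipaddress

# Constructed sample input, one CIDR per line (assumed zone-file format).
SAMPLE_ZONE = """\
198.51.100.0/25
198.51.100.128/25
203.0.113.0/24
198.18.0.0/16
198.19.0.0/16
198.18.4.0/22
# comment lines and blanks are skipped

192.0.2.0/24
"""

def parse_zone(text):
    """Return the IPv4 networks listed in a zone file, skipping comments."""
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        # strict=True raises ValueError on entries with host bits set,
        # so a malformed line cannot silently widen or shift a block.
        net = ipaddress.ip_network(line, strict=True)
        if net.version == 4:
            nets.append(net)
    return nets

def summarize(nets):
    """Merge adjacent prefixes and drop prefixes covered by a larger one."""
    return list(ipaddress.collapse_addresses(nets))

def to_standard_acl(nets, acl_number=10):
    """Render networks as IOS standard ACL deny lines (source match only)."""
    if not (1 <= acl_number <= 99 or 1300 <= acl_number <= 1999):
        raise ValueError("standard ACL numbers are 1-99 or 1300-1999")
    lines = [f"access-list {acl_number} deny {n.network_address} {n.hostmask}"
             for n in nets]
    # A final permit is needed because of the implicit deny at the end.
    lines.append(f"access-list {acl_number} permit any")
    return lines

if __name__ == "__main__":
    raw = parse_zone(SAMPLE_ZONE)
    merged = summarize(raw)
    print(f"{len(raw)} entries summarized to {len(merged)}")
    print("\n".join(to_standard_acl(merged)))
```

Review the summarized output against the source list before applying it, since a parse error or a stale zone file changes which sources the router drops.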
