Now we have protection against: SynFlood, ICMP Flood, Port Scan, Email Spam and much more.
ip firewall address-listĪdd address=0.0.0.0/8 comment="Self-Identification " disabled=no list=bogonsĪdd address=10.0.0.0/8 comment="Private - CLASS A # Check if you need this subnet before enable it"\Īdd address=127.0.0.0/8 comment="Loopback " disabled=no list=bogonsĪdd address=169.254.0.0/16 comment="Link Local " disabled=no list=bogonsĪdd address=172.16.0.0/12 comment="Private - CLASS B # Check if you need this subnet before enable it"\Īdd address=192.168.0.0/16 comment="Private - CLASS C # Check if you need this subnet before enable it"\Īdd address=192.0.2.0/24 comment="Reserved - IANA - TestNet1" disabled=no list=bogonsĪdd address=192.88.99.0/24 comment="6to4 Relay Anycast " disabled=no list=bogonsĪdd address=198.18.0.0/15 comment="NIDB Testing" disabled=no list=bogonsĪdd address=198.51.100.0/24 comment="Reserved - IANA - TestNet2" disabled=no list=bogonsĪdd address=203.0.113.0/24 comment="Reserved - IANA - TestNet3" disabled=no list=bogonsĪdd address=224.0.0.0/4 comment="MC, Class D, IANA # Check if you need this subnet before enable it"\ ip firewall address-list add address=x.x.x.x/x disabled=no list=supportīelow we have the bogon list. This subnet will have full access to the router.
Pay attention for all comments before apply each DROP rules.įirst we need to create our ADDRESS LIST with all IPs we will use most timesīelow you need to change x.x.x.x/x for your technical subnet. This script has basic rules to protect your router and avoid some unnecessary forwarding traffic. This is a basic firewall that can be applied to any Router.
0 kommentar(er)
