Public interface ACL

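! Inbound edge filter for the Internet-facing interface. Entries are evaluated
! top-down and the first match wins, so the order below is significant.
! Bracketed values ([BGP Neighbor], [Your Public Address Space], ...) are
! placeholders that must be replaced before the list is applied.
!
! Review notes:
! - Every deny carries "log". On an exposed interface, rate-limit ACL logging
!   (for example "ip access-list logging interval" and "logging rate-limit")
!   so a flood of denied packets cannot load the CPU or bury useful entries.
! - The BGP permits match on source address only, which can be spoofed; pair
!   them with session protection on the neighbor (authentication, TTL security).
! - The port denies are stateless and match the destination port only, so a
!   reply to an inside client whose ephemeral source port equals a listed port
!   is dropped as well. The list ends in a broad permit, so these entries are a
!   blocklist and do not replace allowlisting the services that are exposed.
! - The original entry "deny ip 192.0.0.0 0.0.0.128 any log" (IANA Reserved) was
!   removed: that wildcard matches only 192.0.0.0 and 192.0.0.128, and both are
!   already covered by the 192.0.0.0/24 deny. Confirm which prefix was intended.
! - Added special-purpose source ranges the original list lacked: 100.64.0.0/10,
!   198.18.0.0/15, 198.51.100.0/24 and 203.0.113.0/24. If the upstream provider
!   numbers its own routers from 100.64.0.0/10, ICMP errors from them are dropped.
! - The source-address denies are a static list; review it periodically and
!   consider unicast RPF where routing symmetry allows.
ip access-list extended inbound
  remark Allow BGP (session in either direction with the configured neighbor)
  permit tcp host [BGP Neighbor] eq bgp host [Local BGP Interface]
  permit tcp host [BGP Neighbor] host [Local BGP Interface] eq bgp
  remark Deny Historical Broadcast (0.0.0.0/8)
  deny ip 0.0.0.0 0.255.255.255 any log
  remark Broadcast
  deny ip host 255.255.255.255 any log
  remark Local Host (127.0.0.0/8)
  deny ip 127.0.0.0 0.255.255.255 any log
  remark Private Network (10.0.0.0/8)
  deny ip 10.0.0.0 0.255.255.255 any log
  remark Link Local Networks (169.254.0.0/16)
  deny ip 169.254.0.0 0.0.255.255 any log
  remark Test Net (192.0.2.0/24)
  deny ip 192.0.2.0 0.0.0.255 any log
  remark Private Network (192.168.0.0/16)
  deny ip 192.168.0.0 0.0.255.255 any log
  remark Class D Reserved (224.0.0.0/4)
  deny ip 224.0.0.0 15.255.255.255 any log
  remark Class E Reserved (240.0.0.0/4)
  deny ip 240.0.0.0 15.255.255.255 any log
  remark Private Network (172.16.0.0/12)
  deny ip 172.16.0.0 0.15.255.255 any log
  remark IETF protocol assignments 192.0.0.0/24 (incl. HP printer default address)
  deny ip 192.0.0.0 0.0.0.255 any log
  remark IANA NS Lab
  deny ip 192.0.127.0 0.0.0.255 any log
  remark Shared address space (100.64.0.0/10)
  deny ip 100.64.0.0 0.63.255.255 any log
  remark Benchmarking (198.18.0.0/15)
  deny ip 198.18.0.0 0.1.255.255 any log
  remark Test Net 2 (198.51.100.0/24)
  deny ip 198.51.100.0 0.0.0.255 any log
  remark Test Net 3 (203.0.113.0/24)
  deny ip 203.0.113.0 0.0.0.255 any log
  remark Inbound from Own Subnet (spoofed internal source)
  deny ip [Your Public Address Space] any log
  remark Block Traceroute (IP option, not ICMP/UDP probes)
  deny ip any any option traceroute log
  remark Legacy DDoS agent ports - Trinoo
  deny tcp any any eq 27665 log
  deny udp any any eq 31335 log
  deny udp any any eq 27444 log
  remark Legacy backdoor ports - Back Orifice
  deny udp any any eq 31337 log
  deny udp any any eq 31338 log
  remark Legacy DDoS agent ports - Stacheldraht
  deny tcp any any eq 16660 log
  deny tcp any any eq 65000 log
  remark Legacy DDoS agent ports - Trinity v3
  deny tcp any any eq 33270 log
  deny tcp any any eq 39168 log
  remark Additional legacy blocked port (review whether still required)
  deny tcp any any eq 47017 log
  remark Legacy backdoor ports - SubSeven
  deny tcp any any range 6711 6712 log
  deny tcp any any eq 6776 log
  deny tcp any any eq 6669 log
  deny tcp any any eq 2222 log
  deny tcp any any eq 7000 log
  remark Additional legacy blocked port (review whether still required)
  deny tcp any any eq 65301 log
  remark Allow Specific ICMP
  permit icmp any host [Local Host for ICMP] echo
  permit icmp any any echo-reply
  permit icmp any any unreachable
  permit icmp any any time-exceeded
  remark Deny all other ICMP
  deny icmp any any log
  remark Allow Traffic to Public Network
  permit ip any [Your Public Address Space]
  remark Deny all other Traffic
  deny ip any any log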
