
Scott Empson and Hans Roth

"CCNP ISCW Portable Command Guide"

2.1.0 0.0.0.255
    Permits any address to travel to the 10.2.1.0/24 network
Edge(config)#interface fastethernet 0/0
    Moves to interface configuration mode
106 Using ACLs to Filter Network Traffic to Mitigate Threats

IP Address Spoofing: Outbound

As a rule, you should not allow any outbound IP packets with a source address other than a
valid IP address of the internal network. Refer to Figure 5-12 for the network topology upon
which the following configurations are based.
Edge(config-if)#ip access-group 101 in
    Takes all access list lines that are defined as being part of group 101 and applies them in an inbound manner
Edge(config-if)#exit
    Returns to global configuration mode
Edge(config)#
Edge(config)#access-list 102 permit ip 10.2.1.0 0.0.0.255 any
    Permits packets with a source address of 10.2.1.x to travel to the internal network
Edge(config)#access-list 102 deny ip any any log
    Denies all packets from any source to reach any destination, and logs any instance in which this statement was used

NOTE: The second line of this access list is almost identical to the implicit deny statement. So why use it? The statement also has the log argument added to it, which the implicit deny statement does not have.
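
The first-match evaluation of access list 102, including the wildcard-mask comparison and the difference between the explicit `deny ip any any log` line and the implicit deny, can be traced with the following added example (not from the book). The function names `parse_ace` and `evaluate` are hypothetical, the sample packets are constructed, and only `ip` entries with `any`, `host`, or address/wildcard operands are handled.

```python
import ipaddress

# The two ACL 102 lines from the page, as typed at the Edge(config)# prompt.
ACL_102 = [
    "access-list 102 permit ip 10.2.1.0 0.0.0.255 any",
    "access-list 102 deny ip any any log",
]

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _read_addr(tokens):
    """Consume 'any', 'host A', or 'A WILDCARD'; return (base, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF            # every bit is "don't care"
    if first == "host":
        return _ip(tokens.pop(0)), 0    # every bit must match
    return _ip(first), _ip(tokens.pop(0))

def parse_ace(line):
    """Parse one 'access-list N permit|deny ip SRC DST [log]' line."""
    tokens = line.split()
    if tokens[0] != "access-list" or tokens[3] != "ip":
        raise ValueError("only 'access-list N permit|deny ip ...' is handled")
    action, rest = tokens[2], tokens[4:]
    src = _read_addr(rest)
    dst = _read_addr(rest)
    return {"action": action, "src": src, "dst": dst, "log": rest == ["log"]}

def _matches(addr, rule):
    base, wildcard = rule
    care = ~wildcard & 0xFFFFFFFF       # wildcard 0-bits are the bits compared
    return (_ip(addr) & care) == (base & care)

def evaluate(acl_lines, src, dst):
    """Return (action, logged, matched_line); first match wins."""
    for number, line in enumerate(acl_lines, start=1):
        ace = parse_ace(line)
        if _matches(src, ace["src"]) and _matches(dst, ace["dst"]):
            return ace["action"], ace["log"], number
    return "deny", False, None          # implicit deny: drops, never logs

if __name__ == "__main__":
    # Constructed sample packets (source, destination).
    for src, dst in [("10.2.1.25", "198.51.100.7"), ("172.16.9.9", "198.51.100.7")]:
        print(src, "->", dst, evaluate(ACL_102, src, dst))
        print("  without line 2:", evaluate(ACL_102[:1], src, dst))
```

With the second line removed, the packet with the non-internal source is still dropped, but the result shows it as unlogged, which is the visibility gap the NOTE describes.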

