168.30.0 0.0.0.255 any
Allows inside legitimate
traf?¬?c and prevents
spoo?¬?ng
Router(config)# accesslist 100 permit udp
192.168.30.0 0.0.0.255 any
Allows inside legitimate
traf?¬?c and prevents
spoo?¬?ng
Router(config)# accesslist 100 permit icmp
192.168.30.0 0.0.0.255 any
Allows inside legitimate
traf?¬?c and prevents
spoo?¬?ng
Router(config)# accesslist 100 deny ip any any Allows inside legitimate
traf?¬?c and prevents
spoo?¬?ng
Router(config)#access-list 101 deny ip
192.168.30.0 0.0.0.255 any
Denies a spoofed address
(192.168.30.x/24)
Router(config)#access-list 101 permit icmp any
host 128.107.55.9 echo-reply
Permits returning ICMP
echo reply
Router(config)#access-list 101 permit icmp any
host 128.107.55.9 time-exceeded
Permits returning ICMP
time-exceeded message
Router(config)#access-list 101 permit icmp any
host 128.107.55.9 unreachable
Permits returning ICMP
host unreachable message
Router(config)#access-list 101 deny ip
10.0.0.0 0.255.255.255 any
Denies public IP 10.0.0.0/8
Con?¬?guring an IOS Firewall from the CLI 141
Step 3: Set Audit Trails and Alerts
Router(config)#access-list 101 deny ip
172.16.0.0 0.15.255.255 any
Denies public IP
172.16.0.0/12
Router(config)#access-list 101 deny ip
192.
Pages:
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128