ACLs: Filter for RFC 3330 addresses (192.0.2.0/24)

Information

ACLs (filters) can be used to mitigate attacks at the data plane. RFC 1918 and RFC 3330 designate certain blocks of IP addresses for private networks, and as such these blocks should not be routed on the Internet.

Solution

Run the following commands on the device to configure these ACLs:
configure filter ip-filter <index> entry <number> create
description <description>
match src-ip <dotted-quad>/<block-size>
action drop
exit
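
A way to check that such a filter entry exists, as an added example that is not part of the original audit item or of any vendor tooling. It assumes the filter configuration is available as text in the same command form shown above; the sample configuration, index and entry numbers, and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the command form shown in the Solution above
# (index, entry numbers and descriptions are made up for illustration).
SAMPLE_CONFIG = """\
configure filter ip-filter 10 entry 10 create
description "drop RFC 1918 10/8"
match src-ip 10.0.0.0/8
action drop
exit
configure filter ip-filter 10 entry 20 create
description "TEST-NET"
match src-ip 192.0.2.0/24
action forward
exit
"""

def parse_entries(text):
    """Return one dict per filter entry: filter index, entry number, src network, action."""
    entries, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"configure filter ip-filter (\d+) entry (\d+) create$", line)
        if m:
            cur = {"filter": int(m.group(1)), "entry": int(m.group(2)),
                   "src": None, "action": None}
        elif cur is None:
            continue  # ignore lines outside an entry block
        elif line.startswith("match src-ip "):
            cur["src"] = ipaddress.ip_network(line.split()[2], strict=False)
        elif line.startswith("action "):
            cur["action"] = line.split()[1]
        elif line == "exit":
            entries.append(cur)
            cur = None
    return entries

def is_dropped(entries, prefix):
    """True if some drop entry's source block covers the whole prefix.
    Entry ordering is not evaluated; this only checks that a covering drop exists."""
    target = ipaddress.ip_network(prefix)
    return any(e["action"] == "drop" and e["src"] is not None
               and target.subnet_of(e["src"]) for e in entries)

if __name__ == "__main__":
    found = parse_entries(SAMPLE_CONFIG)
    for prefix in ("10.0.0.0/8", "192.0.2.0/24"):
        print(prefix, "PASS" if is_dropped(found, prefix) else "FAIL")
```

In the constructed sample the 192.0.2.0/24 entry exists but forwards instead of dropping, so the check reports it as failing.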

See Also

https://infoproducts.alcatel-lucent.com/aces/cgi-bin/dbaccessfilename.cgi/9305050101_V1_SR-OS Security Best Practices v2.0.pdf

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-7(12)

Plugin: Alcatel

Control ID: ee0310284eda9c25c948a86ffed836eb199b546fdcf6dab7c995503a1916955b