Hello,
Is it meaningfull to prevent acces from the internet to block access to RFC1819 type addresses, once masquerading is used ?
Could a LAN be hacked anyway by packets spoofing internal addresses such as : (as a reminder these are RFC1819 internal type addresses).
10.0.0.0/8
172.16.0.0/12
192.168.0.0/16
127.0.0.0/8
224.0.0.0/3
169.254.0.0/16
Thanks for your opinions.
you it is good practice to block incoming connections from bogon ip addresses, and outgoing traffic to these ip’s as well
Thank you Janisk for the answer, I’ll go ahead then and add these rules to our MKs.
I will even search for other “firewall good practices” . If anyone had a ressource to point at.
Thanks again.
There is an excellent article in the wiki which talks about that…