From cde5e96064df84c63f2e9112c1a72a5ec3850266 Mon Sep 17 00:00:00 2001 From: Christoffer Date: Thu, 1 Jun 2017 07:39:01 +0000 Subject: [PATCH 1/5] Add new file --- chapter/ipaddressing.tex | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 chapter/ipaddressing.tex diff --git a/chapter/ipaddressing.tex b/chapter/ipaddressing.tex new file mode 100644 index 0000000..95e12cb --- /dev/null +++ b/chapter/ipaddressing.tex @@ -0,0 +1,3 @@ +\chapter{IP Addressing} + +\lstinputlisting[language=plaintxt]{code/ipaddressblocks.txt} \ No newline at end of file From 764fec0ba48dd663c6c8f1db5910d57da8e3619e Mon Sep 17 00:00:00 2001 From: Christoffer Date: Thu, 1 Jun 2017 07:40:24 +0000 Subject: [PATCH 2/5] Add new file --- code/ipaddressblocks.txt | 58 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) create mode 100644 code/ipaddressblocks.txt diff --git a/code/ipaddressblocks.txt b/code/ipaddressblocks.txt new file mode 100644 index 0000000..d8e7ddc --- /dev/null +++ b/code/ipaddressblocks.txt @@ -0,0 +1,58 @@ +Address Block Present Use Reference +-------------------------------------------------------------------- +0.0.0.0/8 "This" Network RFC 1122, Section 3.2.1.3 +10.0.0.0/8 Private-Use Networks RFC 1918 +14.0.0.0/8 Public-Data Networks RFC 1700, page 181 +100.64.0.0/10 Shared Address Space RFC 6598 +127.0.0.0/8 Loopback RFC 1122, Section 3.2.1.3 +169.254.0.0/16 Link Local RFC 3927 +172.16.0.0/12 Private-Use Networks RFC 1918 +192.0.0.0/24 IETF Protocol Assignments RFC 6890, Section 2.1 +192.0.0.0/29 [1] DS-Lite RFC 6333 +192.0.2.0/24 TEST-NET-1 RFC 5737 +192.88.99.0/24 6to4 Relay Anycast RFC 3068 +192.168.0.0/16 Private-Use Networks RFC 1918 +198.18.0.0/15 Network Interconnect + Device Benchmark Testing RFC 2544 +198.51.100.0/24 TEST-NET-2 RFC 5737 +203.0.113.0/24 TEST-NET-3 RFC 5737 +224.0.0.0/4 Multicast RFC 3171 +240.0.0.0/4 Reserved for Future Use RFC 1112, Section 4 +255.255.255.255/32 Limited Broadcast RFC 0919, Section 7 + RFC 0922, Section 7 +::1/128 Loopback Address RFC 4291 +::/128 Unspecified Address RFC 4291 +64:ff9b::/96 IPv4-IPv6 Translat. RFC 6052 +::ffff:0:0/96 IPv4-mapped Address RFC 4291 +100::/64 Discard-Only Address Block RFC 6666 +2001::/23 IETF Protocol Assignments RFC 2928 +2001::/32 TEREDO RFC 4380 +2001:2::/48 Benchmarking RFC 5180 +2001:db8::/32 Documentation RFC 3849 +2001:10::/28 ORCHID RFC 4843 +2002::/16 [2] 6to4 RFC 3056 +fc00::/7 Unique-Local RFC 4193 +fe80::/10 Linked-Scoped Unicast RFC 4291 + + +ip prefix-list permit-lans permit 10.0.0.0/8 ge 24 ! Allow prefixes >=/24 +ip prefix-list permit-lans permit 172.16.0.0/12 ge 24 ! Allow prefixes >=/24 +ip prefix-list permit-lans permit 192.168.0.0/16 ge 24 ! Allow prefixes >=/24 +ip prefix-list permit-lans deny 0.0.0.0/0 le 32 ! Deny everthing else + +ip prefix-list deny-bogons deny 0.0.0.0/8 le 32 ! Block default route +ip prefix-list deny-bogons deny 10.0.0.0/8 le 32 +ip prefix-list deny-bogons deny 100.64.0.0/10 le 32 +ip prefix-list deny-bogons deny 127.0.0.0/8 le 32 +ip prefix-list deny-bogons deny 169.254.0.0/16 le 32 +ip prefix-list deny-bogons deny 172.16.0.0/12 le 32 +ip prefix-list deny-bogons deny 192.0.0.0/24 le 32 +ip prefix-list deny-bogons deny 192.0.2.0/24 le 32 +ip prefix-list deny-bogons deny 192.168.0.0/16 le 32 +ip prefix-list deny-bogons deny 198.18.0.0/15 le 32 +ip prefix-list deny-bogons deny 198.51.100.0/24 le 32 +ip prefix-list deny-bogons deny 203.0.113.0/24 le 32 +ip prefix-list deny-bogons deny 224.0.0.0/4 le 32 +ip prefix-list deny-bogons deny 240.0.0.0/4 le 32 +ip prefix-list deny-bogons deny 0.0.0.0/0 ge 25 ! Block prefixes >/24 +ip prefix-list deny-bogons permit 0.0.0.0/0 le 24 ! Permit prefixes <=/24 From 21cf655deb002a46a2530ac7519841e0236cede2 Mon Sep 17 00:00:00 2001 From: Christoffer Date: Thu, 1 Jun 2017 07:41:24 +0000 Subject: [PATCH 3/5] Update ipaddressblocks.txt --- code/ipaddressblocks.txt | 23 ----------------------- 1 file changed, 23 deletions(-) diff --git a/code/ipaddressblocks.txt b/code/ipaddressblocks.txt index d8e7ddc..12e5fed 100644 --- a/code/ipaddressblocks.txt +++ b/code/ipaddressblocks.txt @@ -33,26 +33,3 @@ Address Block Present Use Reference 2002::/16 [2] 6to4 RFC 3056 fc00::/7 Unique-Local RFC 4193 fe80::/10 Linked-Scoped Unicast RFC 4291 - - -ip prefix-list permit-lans permit 10.0.0.0/8 ge 24 ! Allow prefixes >=/24 -ip prefix-list permit-lans permit 172.16.0.0/12 ge 24 ! Allow prefixes >=/24 -ip prefix-list permit-lans permit 192.168.0.0/16 ge 24 ! Allow prefixes >=/24 -ip prefix-list permit-lans deny 0.0.0.0/0 le 32 ! Deny everthing else - -ip prefix-list deny-bogons deny 0.0.0.0/8 le 32 ! Block default route -ip prefix-list deny-bogons deny 10.0.0.0/8 le 32 -ip prefix-list deny-bogons deny 100.64.0.0/10 le 32 -ip prefix-list deny-bogons deny 127.0.0.0/8 le 32 -ip prefix-list deny-bogons deny 169.254.0.0/16 le 32 -ip prefix-list deny-bogons deny 172.16.0.0/12 le 32 -ip prefix-list deny-bogons deny 192.0.0.0/24 le 32 -ip prefix-list deny-bogons deny 192.0.2.0/24 le 32 -ip prefix-list deny-bogons deny 192.168.0.0/16 le 32 -ip prefix-list deny-bogons deny 198.18.0.0/15 le 32 -ip prefix-list deny-bogons deny 198.51.100.0/24 le 32 -ip prefix-list deny-bogons deny 203.0.113.0/24 le 32 -ip prefix-list deny-bogons deny 224.0.0.0/4 le 32 -ip prefix-list deny-bogons deny 240.0.0.0/4 le 32 -ip prefix-list deny-bogons deny 0.0.0.0/0 ge 25 ! Block prefixes >/24 -ip prefix-list deny-bogons permit 0.0.0.0/0 le 24 ! Permit prefixes <=/24 From b9633cb20d5f27876ef974ab898a84362308da67 Mon Sep 17 00:00:00 2001 From: Christoffer Date: Thu, 1 Jun 2017 07:42:02 +0000 Subject: [PATCH 4/5] Add new file --- code/prefixlists.cisco.txt | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 code/prefixlists.cisco.txt diff --git a/code/prefixlists.cisco.txt b/code/prefixlists.cisco.txt new file mode 100644 index 0000000..0950494 --- /dev/null +++ b/code/prefixlists.cisco.txt @@ -0,0 +1,21 @@ +ip prefix-list permit-lans permit 10.0.0.0/8 ge 24 ! Allow prefixes >=/24 +ip prefix-list permit-lans permit 172.16.0.0/12 ge 24 ! Allow prefixes >=/24 +ip prefix-list permit-lans permit 192.168.0.0/16 ge 24 ! Allow prefixes >=/24 +ip prefix-list permit-lans deny 0.0.0.0/0 le 32 ! Deny everthing else + +ip prefix-list deny-bogons deny 0.0.0.0/8 le 32 ! Block default route +ip prefix-list deny-bogons deny 10.0.0.0/8 le 32 +ip prefix-list deny-bogons deny 100.64.0.0/10 le 32 +ip prefix-list deny-bogons deny 127.0.0.0/8 le 32 +ip prefix-list deny-bogons deny 169.254.0.0/16 le 32 +ip prefix-list deny-bogons deny 172.16.0.0/12 le 32 +ip prefix-list deny-bogons deny 192.0.0.0/24 le 32 +ip prefix-list deny-bogons deny 192.0.2.0/24 le 32 +ip prefix-list deny-bogons deny 192.168.0.0/16 le 32 +ip prefix-list deny-bogons deny 198.18.0.0/15 le 32 +ip prefix-list deny-bogons deny 198.51.100.0/24 le 32 +ip prefix-list deny-bogons deny 203.0.113.0/24 le 32 +ip prefix-list deny-bogons deny 224.0.0.0/4 le 32 +ip prefix-list deny-bogons deny 240.0.0.0/4 le 32 +ip prefix-list deny-bogons deny 0.0.0.0/0 ge 25 ! Block prefixes >/24 +ip prefix-list deny-bogons permit 0.0.0.0/0 le 24 ! Permit prefixes <=/24 From 157a3cb3546e5bb80347e4fc7e8d3e0ec77e779a Mon Sep 17 00:00:00 2001 From: Christoffer Date: Thu, 1 Jun 2017 07:43:30 +0000 Subject: [PATCH 5/5] Update README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 2ed0fbd..3b30f34 100644 --- a/README.md +++ b/README.md @@ -12,6 +12,7 @@ - [ ] OSPF - [ ] RIP - [ ] PREFIX FILTERS + - [X] Example code - [ ] ASN's ## _Mostly_ done