## page was copied from DnsTemplate
##master-page:HelpTemplate

<<Navigation(children,1)>>

<<TableOfContents()>>
Ingress Filtering for Multihomed Networks
https://datatracker.ietf.org/doc/html/rfc3704

日本語  翻訳内容の正確さは保障できない

https://www5d.biglobe.ne.jp/~stssk/rfc/rfc3704j.html

{{{
"Martian Address" - an address that is reserved [3], 
including any address within 
   0.0.0.0/8, 10.0.0.0/8, 127.0.0.0/8, 
   172.16.0.0/12, 192.168.0.0/16, 224.0.0.0/4, or 240.0.0.0/4.
}}}

{{{
2.1.  Ingress Access Lists

An Ingress Access List is a filter that checks the source address of
   every message received on a network interface against a list of acceptable prefixes,
dropping any packet that does not match the filter.
}}}

{{{
While this is by no means the only way to implement and ingress filter,
it is the one proposed by RFC 2827 [1], and in some
   sense the most deterministic one.
}}}

RFC 2827 
== history ==
3.2.  Ingress Filtering to Protect Your Own Infrastructure
{{{
However, unless ingress filtering (or at least, a limited subset of it) 
  has been deployed at every border (towards the customers, peers and upstreams) 
  -- blocking the use of your own addresses as source addresses -- 
  the attackers may be able to circumvent the protections of the infrastructure gear.


   Therefore, by deploying ingress filtering, one does not just help the Internet as a whole, 
   but protects against several classes of threats to your own infrastructure as well.
}}}
----
CategoryDns CategoryWatch CategoryTemplate