WILDCARD MASKS

Mr.Ping Member Posts: 16
Hi people.

I am trying to understand some IOS firewall configs.

Can someone help me interpret these two lines?

access-list 102 deny host 255.255.255.255 any
access-list 102 deny host 0.0.0.0 any

Given that 'host' means a mask of 0.0.0.0

is it correct to rewrite them as

access-list 102 deny 255.255.255.255 0.0.0.0 any
access-list 102 deny 0.0.0.0 0.0.0.0 any ?

Does it then mean that the ACL is denying traffic from the hosts with IP addresses 255.255.255.255 and 0.0.0.0? If so, how are such IPs assigned to a host?

Any help is appreciated.
You were born to lead but have to become a leader just like you were born male but have to become a man-Myles Munroe.

Comments

  • dtlokee Member Posts: 2,378
    The case here is there should never be an address of 255.255.255.255 or 0.0.0.0 as the source IP address of a packet. The ACL you have shown is intended to drop traffic that has a spoofed (fake) source IP address of 255.255.255.255 or 0.0.0.0
    The only easy day was yesterday!
  • Mr.Ping Member Posts: 16
    Thanks DTLOKEE. Any ideas on which applications can assign such IPs?
  • rjbarlow Member Posts: 411
    dtlokee wrote:
    The case here is there should never be an address of 255.255.255.255 or 0.0.0.0 as the source IP address of a packet. The ACL you have shown is intended to drop traffic that has a spoofed (fake) source IP address of 255.255.255.255 or 0.0.0.0
    Woohooo!!! Hi dt, sometimes I jump into this section of the forum and this question got me (very) perplexed..... :P
    Pork 3
    Maindrian's music

    WIP: 70-236, 70-293 and MCSE.
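
Added example, not part of the original thread: a small Python model of how an IOS ACL source field is matched with a wildcard mask, showing that the `host` form and the `address 0.0.0.0` form from the question select exactly the same source addresses. The helper names and the sample addresses are constructed for illustration.

```python
import ipaddress

FULL = 0xFFFFFFFF

def to_int(addr):
    """Dotted-quad IPv4 string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))

def parse_source(spec):
    """Normalise an ACL source field to (address, wildcard) integers.

    Accepts the three forms IOS uses: 'host A', 'any', and 'A W'.
    """
    tokens = spec.split()
    if tokens[0] == "host" and len(tokens) == 2:
        return to_int(tokens[1]), 0            # host A  ==  A 0.0.0.0
    if tokens == ["any"]:
        return 0, FULL                         # any  ==  0.0.0.0 255.255.255.255
    if len(tokens) == 2:
        return to_int(tokens[0]), to_int(tokens[1])
    raise ValueError(f"unrecognised source field: {spec!r}")

def source_matches(spec, packet_src):
    """True if packet_src matches the source field.

    A wildcard bit of 0 means 'this bit must match'; 1 means 'ignore'.
    """
    addr, wildcard = parse_source(spec)
    care = ~wildcard & FULL
    return (to_int(packet_src) & care) == (addr & care)

def matched_sources(specs, packets):
    """Return the packet sources matched by at least one source field."""
    return [p for p in packets if any(source_matches(s, p) for s in specs)]

# Source fields from the thread, in both spellings.
HOST_FORM = ["host 255.255.255.255", "host 0.0.0.0"]
MASK_FORM = ["255.255.255.255 0.0.0.0", "0.0.0.0 0.0.0.0"]

# Constructed sample source addresses (not from the thread).
SAMPLES = ["0.0.0.0", "255.255.255.255", "192.0.2.10", "10.255.255.255"]

if __name__ == "__main__":
    print(matched_sources(HOST_FORM, SAMPLES))
    print(matched_sources(MASK_FORM, SAMPLES))
    print(matched_sources(["any"], SAMPLES))
```

Note that `0.0.0.0 0.0.0.0` matches only the single address 0.0.0.0, while `0.0.0.0 255.255.255.255` is the `any` form and matches every source.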