o) Proíbe endereços reservados das redes privativas (RFC-1918):

            access-list 101 deny ip 10.0.0.0 0.255.255.255 any log
            access-list 101 deny ip 172.16.0.0 0.15.255.255 any log
            access-list 101 deny ip 192.168.0.0 0.0.255.255 any log

p) Proíbe o endereço de loopback:

        access-list 101 deny ip 127.0.0.0 0.255.255.255 any log

q) Proíbe o broadcasting (evita ping amplifying - solicitação de mensagem broadcasting):

        access-list 101 deny ip host 255.255.255.255 any log

r) Permite conexões iniciadas internamente (TCP ACK=1):

        access-list 101 permit tcp any any established

s) Proíbe acesso ao TFTP:

        access-list 101 deny udp any any eq 69 log

t) Proíbe acesso ao X-Windows:

        access-list 101 deny tcp any any range 6000 6005 log

        access-list 101 deny udp any any range 6000 6005 log
Copyright © 2014 AIEC.