martians.org.uk - Martian Filtering


martians.org.uk: jottings of useful sanity checks for network configurations.

no ip prefix-list nomartians
ip prefix-list nomartians seq 1 deny 0.0.0.0/0 #no default
ip prefix-list nomartians seq 5 deny 224.0.0.0/3 le 32 #no class D/E or specifics
ip prefix-list nomartians seq 10 deny 0.0.0.0/8 le 32 #nothing in 0/8 or specifics
ip prefix-list nomartians seq 15 deny 127.0.0.0/8 le 32 #nothing in 127/8 or specifics
ip prefix-list nomartians seq 20 deny 10.0.0.0/8 le 32 #RFC1918
ip prefix-list nomartians seq 25 deny 172.16.0.0/12 le 32 #RFC1918
ip prefix-list nomartians seq 30 deny 192
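The first-match and `le 32` semantics of the entries above, as an added example (not code from martians.org.uk): a small Python evaluator that reports which entry, if any, catches a candidate route. Only the six complete entries are included; the truncated final entry is left out, and the sample routes are constructed.

```python
import ipaddress
import re

# The six complete entries from the prefix-list above (truncated seq 30 omitted).
NOMARTIANS = """\
ip prefix-list nomartians seq 1 deny 0.0.0.0/0
ip prefix-list nomartians seq 5 deny 224.0.0.0/3 le 32
ip prefix-list nomartians seq 10 deny 0.0.0.0/8 le 32
ip prefix-list nomartians seq 15 deny 127.0.0.0/8 le 32
ip prefix-list nomartians seq 20 deny 10.0.0.0/8 le 32
ip prefix-list nomartians seq 25 deny 172.16.0.0/12 le 32
"""

ENTRY = re.compile(
    r"ip prefix-list (\S+) seq (\d+) (permit|deny) (\S+)"
    r"(?: ge (\d+))?(?: le (\d+))?")

def parse(text):
    """Return [(seq, action, network, min_len, max_len)] sorted by seq."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        _, seq, action, prefix, ge, le = m.groups()
        net = ipaddress.ip_network(prefix)
        # No ge/le: the route length must equal the entry length (exact match).
        # le alone: entry length up to le. ge alone: ge up to 32.
        lo = int(ge) if ge else net.prefixlen
        hi = int(le) if le else (32 if ge else net.prefixlen)
        entries.append((int(seq), action, net, lo, hi))
    return sorted(entries, key=lambda e: e[0])

def evaluate(entries, route):
    """First-match evaluation; returns (seq, action), or None if nothing matches."""
    r = ipaddress.ip_network(route)
    for seq, action, net, lo, hi in entries:
        if lo <= r.prefixlen <= hi and r.subnet_of(net):
            return seq, action
    return None

if __name__ == "__main__":
    # Constructed sample routes, not taken from the page.
    for route in ("0.0.0.0/0", "10.1.2.0/24", "240.0.0.0/4", "8.8.8.0/24"):
        print(route, evaluate(parse(NOMARTIANS), route))
```

A result of `None` means only that none of the six visible entries matched; the rest of the list is cut off on the page, so the final disposition of such a route is not shown.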

access-list 2026 deny ip 224.0.0.0 31.255.255.255 any #should never see packets FROM this range
access-list 2026 deny icmp any any redirect #redirects have no business coming into your network
access-list 2026 permit icmp any any ttl-exceeded #don't break traceroute through RFC1918 numbered infrastructure
access-list 2026 permit icmp any any packet-too-big #don't break PMTUD through RFC1918 numbered infrastructure
access-list 2026 deny ip 10.0.0.0 0.255.255.255 any #RFC2267
access-list 2026 deny ip 172.16.0.0