The following post will explain one of the recommended method of filtering unwanted traffic from the internet to the internal network.
Most administrators filter RFC-1918 traversing from the internet to internal networks, while they are allowing a list of bogons prefixes which is defined in RFC-3330. These addresses are _not_ publicly assigned, therefore should not see them as source IP destined to your internal network. Furthermore, it is a best practice from a security prospective to filter these ranges in case you are targeted with a spoofing attack.
As a reference to this post, please check RFC-3330 which contains all the prefixes in question.
The following configuration example shows RFC-3330 filtering on a Cisco ASA Firewall.
object-group network RFC-3330 network-object 0.0.0.0 255.0.0.0 network-object 10.0.0.0 255.0.0.0 network-object 22.214.171.124 255.0.0.0 network-object 126.96.36.199 255.0.0.0 network-object 188.8.131.52 255.0.0.0 network-object 127.0.0.0 255.0.0.0 network-object 184.108.40.206 255.255.0.0 network-object 169.254.0.0 255.255.0.0 network-object 172.16.0.0 255.240.0.0 network-object 220.127.116.11 255.255.0.0 network-object 192.0.0.0 255.255.255.0 network-object 192.0.2.0 255.255.255.0 network-object 18.104.22.168 255.255.255.0 network-object 192.168.0.0 255.255.0.0 network-object 198.18.0.0 255.254.0.0 network-object 22.214.171.124 255.255.255.0 network-object 126.96.36.199 240.0.0.0 network-object 240.0.0.0 240.0.0.0
CREATE ACCESSLIST, where the ACL name INTERNET define OUTSIDE interface.
<pre class="code">access-list INTERNET deny ip object-group RFC-3330 any