[prev in list] [next in list] [prev in thread] [next in thread] 

List:       nanog
Subject:    RE: Ingress filtering on transits, peers, and IX ports
From:       <adamv0025 () netconsultings ! com>
Date:       2020-10-23 11:23:21
Message-ID: 1e0401d6a92e$ead86bd0$c0894370$ () netconsultings ! com
[Download RAW message or body]

> Randy Bush
> Sent: Tuesday, October 20, 2020 6:19 AM
> 
> term blocked-ports {
>     from {
> 	protocol [ tcp udp ];
> 	first-fragment;
> 	destination-port
> 	    [ 0 sunrpc 135 netbios-ns netbios-dgm netbios-ssn 111 445 syslog
> 11211];
> 	}
>     then {
> 	sample;
> 	discard;
> 	}
>     }
> 
Actually what's the latest in the net neutrality talks? Shouldn't these be
just rate-limited rather than blocked? -transit traffic.
(assuming ICMP is the only thing that can talk to infrastructure ranges &
BGP to selected IPs with rest being dropped)

adam

[prev in list] [next in list] [prev in thread] [next in thread]