[107460] in North American Network Operators' Group

BCP blocking list for edge networks? (was: ingress SMTP)

daemon@ATHENA.MIT.EDU (Jay R. Ashworth)
Wed Sep 3 22:27:09 2008

Date: Wed, 3 Sep 2008 22:27:00 -0400
From: "Jay R. Ashworth" <jra@baylink.com>
To: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org

Ok, mine is actually even edgier than that; no transit at all, to
paraphrase Steely Dan.

But does anyone have a pointer to a good set of ports to block in each
direction through my Shorewall DNAT setup, preferably annotated?

On reflection, that's actually only outbound; the necessity to set up
inbound DNAT manually makes it a default-deny environment, which is one
of the reasons that some people like NAT as a component of an edge
firewall.

Cheers,
-- jra
-- 
Jay R. Ashworth                   Baylink                      jra@baylink.com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates     http://baylink.pitas.com                     '87 e24
St Petersburg FL USA      http://photo.imageinc.us             +1 727 647 1274

	     Those who cast the vote decide nothing.
	     Those who count the vote decide everything.
	       -- (Josef Stalin)

