[149527] in North American Network Operators' Group
RE: Firewalls in service provider environments
daemon@ATHENA.MIT.EDU (Leigh Porter)
Tue Feb 7 16:41:33 2012
From: Leigh Porter <leigh.porter@ukbroadband.com>
To: Matthew Reath <matt@mattreath.com>, "nanog@nanog.org" <nanog@nanog.org>
Date: Tue, 7 Feb 2012 21:42:34 +0000
In-Reply-To: <00e97c634d3eccbc93c729dd9287bd3c.squirrel@mail.mattreath.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
> -----Original Message-----
> From: Matthew Reath [mailto:matt@mattreath.com]
> Sent: 07 February 2012 21:34
> To: nanog@nanog.org
> Subject: Firewalls in service provider environments
>=20
> All,
>=20
> Looking for some recommendations on firewall placement in service
> provider
> environments. I'm of the school of thought that in my SP network I do
> as
> little firewalling/packet filtering as possible. As in none,=20
I had a vendor actually suggest that that ALL my customer traffic should t=
raverse a firewall. I asked why and they said "Ahhh it the internet, must =
have firewall". I suppose this must have been a great firewall.
So yes I would agree with you, firewall nothing for your customers unless =
they are paying you for a specific service. Filtering known bad ports, wel=
l, what's a known bad port? Bad for one person may be quite important for =
another. Whilst filtering port 25 outbound may help prevent some bots from=
emanating spam, it certainly does a lot to annoy other people.
--
Leigh Porter
______________________________________________________________________
This email has been scanned by the Symantec Email Security.cloud service.
For more information please visit http://www.symanteccloud.com
______________________________________________________________________
