[179754] in North American Network Operators' Group


Re: Network Segmentation Approaches

daemon@ATHENA.MIT.EDU (Scott Weeks)
Wed May 6 18:30:06 2015

X-Original-To: nanog@nanog.org
Date: Wed, 6 May 2015 15:30:01 -0700
From: "Scott Weeks" <surfer@mauigateway.com>
To: <nanog@nanog.org>
Reply-To: surfer@mauigateway.com
Errors-To: nanog-bounces@nanog.org



--- rsk@gsp.org wrote:
From: Rich Kulawiec <rsk@gsp.org>

The first rule in every firewall is of course 
"deny all" and subsequent rulesets permit only 
the traffic that is necessary.  
------------------------------------


I think you got this backward?  That way all 
traffic is blocked, so none is allowed through.  
Also, deny by default at the end of the rule 
set is not the best thing for every network 
that needs a firewall.  Some just want to block 
bad stuff they see and allow everything else. 
(And some have stated here that they will block 
entire countries until their culture changes!)

scott
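
Added example, not part of the thread: a small first-match rule evaluator (the way most packet filters work) run over three constructed rule sets, to make the ordering point above concrete. "deny all" as the first rule swallows every packet; "deny all" as the last rule gives default deny; a block list with "permit all" last gives default allow. Networks and ports are constructed sample values.

```python
from ipaddress import ip_address, ip_network

# Each rule is (action, source network, destination port or None for any).
# Evaluation is first-match: the first rule whose source and port fields
# match decides the packet and every later rule is ignored.
def evaluate(rules, src, dport, implicit="deny"):
    src_ip = ip_address(src)
    for action, net, port in rules:
        if src_ip in ip_network(net) and (port is None or port == dport):
            return action
    return implicit  # reached only if no rule matched at all

ANY = "0.0.0.0/0"

# "deny all" placed FIRST: every packet hits it, the permit is never reached.
DENY_FIRST = [("deny", ANY, None), ("permit", "10.0.0.0/8", 22)]

# "deny all" placed LAST: permits get a chance first, then default deny.
DEFAULT_DENY = [("permit", "10.0.0.0/8", 22), ("deny", ANY, None)]

# Block-list style: deny a known-bad source range, allow everything else.
DEFAULT_ALLOW = [("deny", "203.0.113.0/24", None), ("permit", ANY, None)]

def compare(src, dport):
    """Decision of each constructed rule set for one (source, port) pair."""
    return {
        "deny_first": evaluate(DENY_FIRST, src, dport),
        "default_deny": evaluate(DEFAULT_DENY, src, dport),
        "default_allow": evaluate(DEFAULT_ALLOW, src, dport),
    }

if __name__ == "__main__":
    samples = [("10.1.2.3", 22), ("10.1.2.3", 80),
               ("203.0.113.9", 443), ("198.51.100.7", 443)]
    for src, port in samples:
        print(f"{src}:{port} -> {compare(src, port)}")
```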
