Recent trouble with QUIC?
Stephen Satchell
list at satchell.net
Sat Sep 26 00:43:55 UTC 2015
On 09/25/2015 04:20 PM, Ca By wrote:
> RFO: Google unilaterally deployed a non-standard protocol to our production
> environment, driving up helpdesk calls x%
>
> After action: block udp 80/443 until production ready and standard ratified
> use deployed.
Let me be gentle about this. Why were you allowing 80/udp and 443/udp
in the first place into your production environment?
In my network, I run a mostly-closed firewall, only allowing those ports
that are needed to be forwarded between the inside and outside networks.
I don't have -- or need -- a DMZ here at this time, so I don't have to
worry about that side of the routing triangle. If I did, I would also
run mostly closed between inside/outside and the DMZ.
I'm liberal about opening ports on request, but the ports have to be
requested before I'll allow them in, out, or forwarded.
More information about the NANOG
mailing list