Ingress filtering on transits, peers, and IX ports

• Previous message (by thread): Ingress filtering on transits, peers, and IX ports
• Next message (by thread): Ingress filtering on transits, peers, and IX ports
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> Randy Bush
> Sent: Tuesday, October 20, 2020 6:19 AM
> 
> term blocked-ports {
>     from {
> 	protocol [ tcp udp ];
> 	first-fragment;
> 	destination-port
> 	    [ 0 sunrpc 135 netbios-ns netbios-dgm netbios-ssn 111 445 syslog
> 11211];
> 	}
>     then {
> 	sample;
> 	discard;
> 	}
>     }
> 
Actually what's the latest in the net neutrality talks? Shouldn't these be
just rate-limited rather than blocked? -transit traffic.
(assuming ICMP is the only thing that can talk to infrastructure ranges &
BGP to selected IPs with rest being dropped)

adam

• Previous message (by thread): Ingress filtering on transits, peers, and IX ports
• Next message (by thread): Ingress filtering on transits, peers, and IX ports
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]