Firewalls in service provider environments

Leigh Porter leigh.porter at ukbroadband.com
Tue Feb 7 15:42:34 CST 2012


> -----Original Message-----
> From: Matthew Reath [mailto:matt at mattreath.com]
> Sent: 07 February 2012 21:34
> To: nanog at nanog.org
> Subject: Firewalls in service provider environments
> 
> All,
> 
> Looking for some recommendations on firewall placement in service
> provider
> environments.  I'm of the school of thought that in my SP network I do
> as
> little firewalling/packet filtering as possible. As in none, 

I had a vendor actually suggest that that ALL my customer traffic should traverse a firewall. I asked why and they said "Ahhh it the internet, must have firewall". I suppose this must have been a great firewall.

So yes I would agree with you, firewall nothing for your customers unless they are paying you for a specific service. Filtering known bad ports, well, what's a known bad port? Bad for one person may be quite important for another. Whilst filtering port 25 outbound may help prevent some bots from emanating spam, it certainly does a lot to annoy other people.

--
Leigh Porter


______________________________________________________________________
This email has been scanned by the Symantec Email Security.cloud service.
For more information please visit http://www.symanteccloud.com
______________________________________________________________________



More information about the NANOG mailing list