nanog mailing list archives
Re: Application Layer Gateways
From: Jean-Francois Mezei <jfmezei_nanog () vaxination ca>
Date: Sat, 23 Sep 2017 13:33:19 -0400
What you do with the CPE "firewall" settings depends on what sort of ISP you are. Do you cater to geeks or aunts/grand mothers? Whatever you do, I would suggest that you document in a place that is easy for customers to find exactlyt what apps/protocols are open/closed with the settings you've decided on (especially if it deviates from any documentation available on the net for that device) You could consider configuring it by default to protect the aunts and grand mothers, but make sure geeks get the info on how to easily open ports for their apps. Also depends on what you block at the network level. If you block all incoming calls to port 25, then blocking it at the CPE router won't add much resilience against attacks as it is already blocked.
Current thread:
- Application Layer Gateways Colton Conor (Sep 21)
- Re: Application Layer Gateways Ca By (Sep 21)
- Re: Application Layer Gateways Colton Conor (Sep 23)
- Re: Application Layer Gateways Ca By (Sep 23)
- Re: Application Layer Gateways Stephen Satchell (Sep 23)
- Re: Application Layer Gateways Jean-Francois Mezei (Sep 23)
- Re: Application Layer Gateways Colton Conor (Sep 23)
- Re: Application Layer Gateways Ca By (Sep 21)