nanog mailing list archives
BCP blocking list for edge networks? (was: ingress SMTP)
From: "Jay R. Ashworth" <jra () baylink com>
Date: Wed, 3 Sep 2008 22:27:00 -0400
Ok, mine is actually even edgier than that; no transit at all, to paraphrase Steely Dan.

But does anyone have a pointer to a good set of ports to block in each direction through my Shorewall DNAT setup, preferably annotated?

On reflection, that's actually only outbound; the necessity to set up inbound DNAT manually makes it a default-deny environment, which is one of the reasons that some people like NAT as a component of an edge firewall.

Cheers,
-- jra
--
Jay R. Ashworth         Baylink                     jra () baylink com
Designer                The Things I Think          RFC 2100
Ashworth & Associates   http://baylink.pitas.com    '87 e24
St Petersburg FL USA    http://photo.imageinc.us    +1 727 647 1274

Those who cast the vote decide nothing.
Those who count the vote decide everything.
  -- (Josef Stalin)