nanog mailing list archives
RE: Firewalls in service provider environments
From: Leigh Porter <leigh.porter () ukbroadband com>
Date: Tue, 7 Feb 2012 21:42:34 +0000
-----Original Message----- From: Matthew Reath [mailto:matt () mattreath com] Sent: 07 February 2012 21:34 To: nanog () nanog org Subject: Firewalls in service provider environments All, Looking for some recommendations on firewall placement in service provider environments. I'm of the school of thought that in my SP network I do as little firewalling/packet filtering as possible. As in none,
I had a vendor actually suggest that that ALL my customer traffic should traverse a firewall. I asked why and they said "Ahhh it the internet, must have firewall". I suppose this must have been a great firewall. So yes I would agree with you, firewall nothing for your customers unless they are paying you for a specific service. Filtering known bad ports, well, what's a known bad port? Bad for one person may be quite important for another. Whilst filtering port 25 outbound may help prevent some bots from emanating spam, it certainly does a lot to annoy other people. -- Leigh Porter ______________________________________________________________________ This email has been scanned by the Symantec Email Security.cloud service. For more information please visit http://www.symanteccloud.com ______________________________________________________________________
Current thread:
- Firewalls in service provider environments Matthew Reath (Feb 07)
- RE: Firewalls in service provider environments Leigh Porter (Feb 07)
- RE: Firewalls in service provider environments Matthew Reath (Feb 07)
- Re: Firewalls in service provider environments William Herrin (Feb 07)
- Re: Firewalls in service provider environments Matthew Reath (Feb 07)
- Re: Firewalls in service provider environments Matt Buford (Feb 07)
- Re: Firewalls in service provider environments Matthew Reath (Feb 08)
- Re: Firewalls in service provider environments Christopher Morrow (Feb 08)
- Re: Firewalls in service provider environments Matthew Reath (Feb 08)
- Re: Firewalls in service provider environments Henry Yen (Feb 08)
- Re: Firewalls in service provider environments David Walker (Feb 09)
- RE: Firewalls in service provider environments Matthew Reath (Feb 07)
- RE: Firewalls in service provider environments Leigh Porter (Feb 07)
- RE: Firewalls in service provider environments George Bonser (Feb 07)