Re: Egress filters dropping traffic

[Saku Ytti <saku () ytti fi>]

On (2013-06-30 22:04 +0530), Glen Kent wrote:

> Under what scenarios do providers install egress ACLs which could say for
> eg.
>
> 1. Allow all IP traffic out on an interface foo if its coming from source
> IP x.x.x.x/y
> 2. Drop all other IP traffic out on this interface.

Question seems to be 'when do you need to drop packets', I'm sure 10
different people would give 10 different use-cases.

One use-case for this particular ACL is that the interface is used for MGMT
only, so you allow NMS network and drop everything else.

-- 
  ++ytti