nanog mailing list archives
Re: Network Segmentation Approaches
From: "Scott Weeks" <surfer () mauigateway com>
Date: Wed, 6 May 2015 15:30:01 -0700
--- rsk () gsp org wrote:
From: Rich Kulawiec <rsk () gsp org>

The first rule in every firewall is of course "deny all" and subsequent rulesets permit only the traffic that is necessary.
------------------------------------

I think you got this backward? That way all traffic is blocked, so none is allowed through.

Also, deny by default at the end of the rule set is not the best thing for every network that needs a firewall. Some just want to block bad stuff they see and allow everything else. (And some have stated here that they will block entire countries until their culture changes!)

scott
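
An added example, not part of either poster's message: a small rule evaluator showing how the position of a "deny all" rule plays out under first-match evaluation and under last-match evaluation (the model pf uses for rules without `quick`), plus the blocklist-with-default-allow policy mentioned above. The rule format, function names and addresses are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed rules: (action, source network, destination port or None for any)
PERMITS = [
    ("permit", "0.0.0.0/0", 443),      # HTTPS from anywhere
    ("permit", "192.0.2.0/24", 22),    # SSH from the admin network only
]
DENY_ALL = ("deny", "0.0.0.0/0", None)
BLOCKLIST = [("deny", "203.0.113.0/24", None)]  # "block bad stuff, allow the rest"

# Constructed test packets: (source address, destination port)
PACKETS = [
    ("198.51.100.7", 443),
    ("192.0.2.10", 22),
    ("198.51.100.7", 22),
    ("198.51.100.7", 23),
]


def matches(rule, src, dport):
    """True if the packet falls inside the rule's source network and port."""
    _, net, port = rule
    return ip_address(src) in ip_network(net) and port in (None, dport)


def evaluate(rules, src, dport, mode="first", implicit="permit"):
    """Return the action for one packet.

    mode="first": the first matching rule decides.
    mode="last":  the last matching rule decides (later rules override).
    implicit:     action taken when no rule matches at all.
    """
    hits = [rule[0] for rule in rules if matches(rule, src, dport)]
    if not hits:
        return implicit
    return hits[0] if mode == "first" else hits[-1]


def verdicts(rules, mode, implicit="permit"):
    """Evaluate every constructed packet against one ruleset."""
    return [evaluate(rules, s, p, mode, implicit) for s, p in PACKETS]


if __name__ == "__main__":
    print("first-match, deny all first:", verdicts([DENY_ALL] + PERMITS, "first"))
    print("first-match, deny all last: ", verdicts(PERMITS + [DENY_ALL], "first"))
    print("last-match,  deny all first:", verdicts([DENY_ALL] + PERMITS, "last"))
    print("blocklist, default allow:   ", verdicts(BLOCKLIST, "first", "permit"))
```

Under first-match evaluation a leading "deny all" shadows every permit below it, while under last-match evaluation the same ordering yields the default-deny policy with the permits as exceptions.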