Re: Ingress filtering on transits, peers, and IX ports

[Randy Bush <randy () psg com>]

term blocked-ports {
    from {
        protocol [ tcp udp ];
        first-fragment;
        destination-port
            [ 0 sunrpc 135 netbios-ns netbios-dgm netbios-ssn 111 445 syslog 11211];
        }
    then {
        sample;
        discard;
        }
    }

and i block all external access to weak devices such as switches, pdus,
ipmi, ...

randy