nanog mailing list archives

RE: Ingress filtering on transits, peers, and IX ports


From: <adamv0025 () netconsultings com>
Date: Fri, 23 Oct 2020 12:23:21 +0100

Randy Bush
Sent: Tuesday, October 20, 2020 6:19 AM

term blocked-ports {
    from {
      protocol [ tcp udp ];
      first-fragment;
      destination-port
          [ 0 sunrpc 135 netbios-ns netbios-dgm netbios-ssn 111 445 syslog 11211 ];
      }
    then {
      sample;
      discard;
      }
    }

Actually, what's the latest in the net neutrality talks? Shouldn't these be
just rate-limited rather than blocked? - transit traffic.
(assuming ICMP is the only thing that can talk to infrastructure ranges &
BGP to selected IPs, with the rest being dropped)

adam

