[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

BCP blocking list for edge networks? (was: ingress SMTP)

Subject: BCP blocking list for edge networks? (was: ingress SMTP)
From: jra at baylink.com (Jay R. Ashworth)
Date: Wed, 3 Sep 2008 22:27:00 -0400

Ok, mine is actualy even edgier than that; no transit at all, to
paraphrase Steeley Dan.

But does anyone have a pointer to a good set of ports to block in each
direction through my Shorewall DNAT setup, preferably annotated?

On reflection, that's actually only outbound; the necessity to set up
inbound DNAT manually makes it a default-deny environment, which is one
of the reasons that some people like NAT as a component of an edge
firewall.

Cheers,
-- jra
-- 
Jay R. Ashworth                   Baylink                      jra at baylink.com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates     http://baylink.pitas.com                     '87 e24
St Petersburg FL USA      http://photo.imageinc.us             +1 727 647 1274

	     Those who cast the vote decide nothing.
	     Those who count the vote decide everything.
	       -- (Josef Stalin)

Prev by Date: Force10 Gear - Opinions
Next by Date: ingress SMTP
Previous by thread: hosting net guest
Next by thread: BCP38 dismissal
Index(es):
- Date
- Thread