Re: Ingress filtering on transits, peers, and IX ports

Randy Bush Mon, 19 Oct 2020 22:20:14 -0700

term blocked-ports {
    from {
        protocol [ tcp udp ];
        first-fragment;
        destination-port
            [ 0 sunrpc 135 netbios-ns netbios-dgm netbios-ssn 111 445 syslog 
11211];
        }
    then {
        sample;
        discard;
        }
    }


and i block all external access to weak devices such as switches, pdus,
ipmi, ...

randy

Re: Ingress filtering on transits, peers, and IX ports

Reply via email to