Christopher Pilkington wrote:
Is it common in the industry for a colocation provider, when requested to put
an egress ACL facing us such as:
deny udp any a.b.c.d/24 eq 80
…to refuse and tell us we must subscribe to their managed DDOS product?
We have always accommodated temporary ACL's for active DDOS attacks. I
think that is fairly standard across the ISP/hosting industry.
I do feel it is bad practice to regularly implement customer specific
ACL's on routers. If a customer wants a managed firewall we have a
full range of those services available.
- Kevin
