> On Sep 26, 2016, at 7:47 AM, Stephen Satchell <l...@satchell.net> wrote: > > On 09/26/2016 07:11 AM, Paul Ferguson wrote: >> No -- BCP38 only prescribes filtering outbound to ensure that no >> packets leave your network with IP source addresses which are not >> from within your legitimate allocation. > > So, to beat that horse to a fare-thee-well, to be BCP38 compliant I need, on > every interface sending packets out to the internet, to block any source > address matching a subnet in the BOGON list OR not matching any of my > routeable network subnets? Plus add null-route entries for all the BOGONs in > my routing table so I don't send a bad destination packet to my upstream?
BCP38 only provides for disallowing spoofed packets into the Internet. Any additional filtering against bosons, etc., are probably a good idea, just not including specifically in BCP38. - ferg — Paul Ferguson ICEBRG.io Seattle, Washington, USA
signature.asc
Description: Message signed with OpenPGP using GPGMail
