- Previous message: Michael Loftis: "Re: Sober"
- Maybe in reply to: John S. Bucy: "blocking unallocated subnets"
- Next in thread: Noel: "Re: blocking unallocated subnets"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
|
|
|
From: Rob Thomas (no email)
Date: Fri Dec 02 2005 - 15:14:11 EST
Hi, Randy.
] > Another option is to automate the updates and leave the hard work
] > to us!
]
] the op was discussing port-specific filtering for dns only. could
] you explain how i can automake my /etc/ipfw.rules leaving the hard
] work to you? e.g.
There are often subtle relationships when it comes to filtering.
While the DNS name servers may have no such filters, they are
unreachable due to filters on upstream routers. So we try to
provide as wide a set of filters as possible.
] add deny udp from 203.49.118.0/24 to any 53
Now that is a set of filters we don't make available. I'll see
if I can create another page for IPFW filters. I should do the
same for IPF as well.
You could Zebra peer with the Bogon route-servers and accept
these prefixes as null routes. I've used null routes on servers
frequently, but I've not tried the combination before. Take it
with a grain of salt. :)
Thanks,
Rob.
-- Rob Thomas Team Cymru http://www.cymru.com/ ASSERT(coffee != empty);
|
|
|