Home page logo

nanog logo nanog mailing list archives

RE: Firewalls in service provider environments
From: Leigh Porter <leigh.porter () ukbroadband com>
Date: Tue, 7 Feb 2012 21:42:34 +0000

-----Original Message-----
From: Matthew Reath [mailto:matt () mattreath com]
Sent: 07 February 2012 21:34
To: nanog () nanog org
Subject: Firewalls in service provider environments


Looking for some recommendations on firewall placement in service
environments.  I'm of the school of thought that in my SP network I do
little firewalling/packet filtering as possible. As in none, 

I had a vendor actually suggest that that ALL my customer traffic should traverse a firewall. I asked why and they said 
"Ahhh it the internet, must have firewall". I suppose this must have been a great firewall.

So yes I would agree with you, firewall nothing for your customers unless they are paying you for a specific service. 
Filtering known bad ports, well, what's a known bad port? Bad for one person may be quite important for another. Whilst 
filtering port 25 outbound may help prevent some bots from emanating spam, it certainly does a lot to annoy other 

Leigh Porter

This email has been scanned by the Symantec Email Security.cloud service.
For more information please visit http://www.symanteccloud.com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]