North American Network Operators Group


Re: blocking unallocated subnets

  • From: Rob Thomas
  • Date: Fri Dec 02 15:17:51 2005

Hi, Randy.

] > Another option is to automate the updates and leave the hard work
] > to us!
] 
] the op was discussing port-specific filtering for dns only.  could
] you explain how i can automake my /etc/ipfw.rules leaving the hard
] work to you?  e.g.

There are often subtle relationships when it comes to filtering.
While the DNS name servers may have no such filters, they are
unreachable due to filters on upstream routers.  So we try to
provide as wide a set of filters as possible.

]     add deny udp from 203.49.118.0/24 to any 53

Now that is a set of filters we don't make available.  I'll see
if I can create another page for IPFW filters.  I should do the
same for IPF as well.

You could Zebra peer with the Bogon route-servers and accept
these prefixes as null routes.  I've used null routes on servers
frequently, but I've not tried the combination before.  Take it
with a grain of salt.  :)

Thanks,
Rob.
-- 
Rob Thomas
Team Cymru
http://www.cymru.com/
ASSERT(coffee != empty);
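
A sketch of the automation asked about above, as an added example that is not part of the original message and is not Team Cymru's tooling: it turns a prefix list into rule lines in the `add deny udp from ... to any 53` form quoted in the thread. The function name `gen_dns_bogon_rules` is hypothetical, the list is assumed to arrive on stdin as one IPv4 CIDR per line, and the sample list at the end is constructed.

```shell
#!/bin/sh
# Added example. Reads IPv4 prefixes on stdin (one CIDR per line, "#" comments
# allowed) and writes one ipfw rule line per unique, well-formed prefix.
# Malformed entries and a /0 (which would drop all DNS traffic) are reported
# on stderr and skipped, so a damaged list cannot silently widen the filter.
gen_dns_bogon_rules() {
    awk '
    function valid(p,   a, o, i) {
        # dotted quad, slash, prefix length
        if (p !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/) return 0
        split(p, a, "/")
        if (a[2] + 0 < 1 || a[2] + 0 > 32) return 0
        split(a[1], o, ".")
        for (i = 1; i <= 4; i++) if (o[i] + 0 > 255) return 0
        return 1
    }
    /^[ \t]*(#|$)/ { next }          # skip comments and blank lines
    {
        p = $1
        if (!valid(p)) {
            printf "skipping entry: %s\n", $0 > "/dev/stderr"
            next
        }
        if (seen[p]++) next          # drop duplicates
        print "add deny udp from " p " to any 53"
    }'
}

# Constructed sample list (not a real bogon feed), run through the generator.
gen_dns_bogon_rules <<'EOF'
# constructed sample
203.49.118.0/24
192.0.2.0/24
0.0.0.0/0
EOF
```
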