North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: do bogon filters still help?
Florian Weimer wrote:
* Pim van Pelt:Hi, here's a member of 'the folks at bit.nl'. Just a quick note to
Wouldn't you expect to see packets return from the same address you send them to? ICMP and stateful firewalls work much better that way. Our 6to4 relay also soucres packets from 22.214.171.124, it seems to work best that way. Don't filter 126.96.36.199 in any direction unless you want to break 6to4. If you want to limit your exposure you could allow only proto 41 and icmp packets and not break it. If you have native IPv6 on your network you could run a local 6to4 relay for your customers and filter 188.8.131.52/24 to/from your peers. - Kevin