[NCLUG] Egress Filtering
mike cullerton
michaelc at cullerton.com
Tue Aug 14 11:54:29 MDT 2001
on 8/14/01 11:26 AM, Quent at quent at pobox.com wrote:
> Of course there's no answer to this; it depends on the situation. Where I
> work we have some pretty huge pipes where filtering just isn't too practical.
> It's like hooking a garden hose to a water main :-)
hmmm... to me, it's more like running the water through a screen.
if you already have some filtering in place, adding
filter 10.0.0.0/8
filter 172.16.0.0/12
filter 192.168.0.9/16
to the beginning of your filter won't add a discernable (sp?) load.
also, depending on the networks you have and your ability to aggregate them,
adding
filter <!my ip block>
shouldn't add much of a load either.
really large networks with lots of ip space should have staff in place to
manage the network, including a way to manage the list of allowed network
addresses. (not to mention a router that can handle the load)
my $.02
mike
btw, frii filtered when i worked there.
-- mike cullerton michaelc at cullerton.com
More information about the NCLUG
mailing list