--- Ben Nagy <[EMAIL PROTECTED]> wrote: > Best practice would be to block all outgoing traffic > (on the serial) at > each POP that does not fall into the netblock that > you have assigned to > it.
Thats cool. Should I worry about multicast addresses; would best practice indicate an allow rule for this along with your example ? Traffic is that of a statewide ISP with OC connectivity. I am going to set Snort to sniff for multicast traffic to see if it is there, but am conserned with following best practice. james __________________________________________________ Do You Yahoo!? Try FREE Yahoo! Mail - the world's greatest free email! http://mail.yahoo.com/ _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls