One think I haven't seen mentions w.r.t. firewalls is protecting the rest of the world from compromised home machines. While ISP's should be doing BCP 38 filtering, CPE devices should also be filtering outgoing traffic that is not from a valid prefix. The border CPE also needs to filter ULA sourced traffic.
Similary, if you are going to have a squishy inside, you need to filter attempts to spoof internal sources. Even if you open up the firewall to allow incoming from anywhere, these filters should require a second step to be taken to be removed. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ homenet mailing list homenet@ietf.org https://www.ietf.org/mailman/listinfo/homenet