Mark, > One think I haven't seen mentions w.r.t. firewalls is protecting > the rest of the world from compromised home machines. While ISP's > should be doing BCP 38 filtering, CPE devices should also be > filtering outgoing traffic that is not from a valid prefix. The > border CPE also needs to filter ULA sourced traffic. > > Similary, if you are going to have a squishy inside, you need to > filter attempts to spoof internal sources. > > Even if you open up the firewall to allow incoming from anywhere, > these filters should require a second step to be taken to be removed.
RFC6204, ULA-4, S-2 cheers, Ole _______________________________________________ homenet mailing list homenet@ietf.org https://www.ietf.org/mailman/listinfo/homenet