On Jun 20, 2008, at 1:52 PM, mouss wrote:
> I've never had an ISP/hoster block bogons, but I've never let them
> in. it's part of the first rules in ipf/pf/iptables/router/$FW (and
> in both directions. so my networks never send packets with bogon IPs
> to the internet). if you don't partition the network correctly,
> you'll have a lot of problems trying to deal with such annoyances.

There is no network to partition. Or rather, 99% of my hosts provide
the network, and I have two - total 2 - that provide host services.
I'm not going to build a firewall and move these two hosts behind the
firewall. Sorry, it causes more problems than it solves.

Yes, I could use a local firewall on both hosts. But belt and
suspenders again says why should I trust something that should never
reach me?

(this appears to be diverging into a network design discussion and is
thus irrelevant in scope)

--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness