OCEANET - Cédric BASSAGET(ced...@oceanet.com) on 2013.10.29 18:27:09 +0100:
> Hi,
> Simple and general question :
> Is it a good thing to run PF on an openbgpd server (for security
> reasons), or should I de-activate PF ?

Yes, in general you should: At least to make sure only traffic from your own address space leaves your network, and only traffic to your own address space enters your network, read http://tools.ietf.org/html/bcp38

If you run BGP, chances are that you will have more than one router. In that case you have to consider that a router does not see both directions of the traffic. In that case use either "no state" or sloppy rules.

/Benno
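
A pf.conf sketch of the filtering described in the reply above, added here as an illustration and not part of the original mail or of any OpenBGPD-provided configuration. The interface names, peer address and prefix are constructed placeholders (documentation address ranges), and the layout of one upstream-facing and one internal interface is an assumption.

```pf
# Added example: all names and addresses below are constructed placeholders.
ext_if = "em0"              # assumption: interface facing the upstream/peer
int_if = "em1"              # assumption: interface facing our own network
peer   = "198.51.100.1"     # assumption: eBGP neighbor address
table <mynet> const { 192.0.2.0/24 }   # assumption: our own address space

set skip on lo
block log all               # default deny, log what gets dropped

# The BGP session terminates on this router, so it sees both directions
# of that TCP connection and normal stateful rules work (either side may
# open the session).
pass in  quick on $ext_if proto tcp from $peer to ($ext_if) port 179
pass out quick on $ext_if proto tcp from ($ext_if) to $peer port 179

# BCP 38 on the external interface: only our own address space may leave,
# and only traffic addressed to our own space may enter.
# "no state" because with several routers the return path may go through
# a different box, so this one may see only one direction of a flow.
pass out on $ext_if from <mynet> to any no state
pass in  on $ext_if from any to <mynet> no state

# Forwarded packets also cross the internal interface; filtering is done
# on $ext_if, so pass here without creating state.
pass on $int_if no state

# Alternative to "no state": keep state but relax the TCP tracker.
# "flags any" lets a flow be picked up mid-connection, "sloppy" disables
# sequence-number checks that fail when half the conversation is unseen.
# Use these instead of the two "no state" rules on $ext_if above:
# pass out on $ext_if from <mynet> to any flags any keep state (sloppy)
# pass in  on $ext_if from any to <mynet> flags any keep state (sloppy)
```

Check the ruleset with `pfctl -nf /etc/pf.conf` before loading it; `-n` parses the file without applying it.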