> Randy Bush
> Sent: Tuesday, October 20, 2020 6:19 AM
>
> term blocked-ports {
> from {
> protocol [ tcp udp ];
> first-fragment;
> destination-port
> [ 0 sunrpc 135 netbios-ns netbios-dgm netbios-ssn 111 445 syslog
> 11211];
> }
> then {
> sample;
> discard;
> }
> }
>
Actually what's the latest in the net neutrality talks? Shouldn't these be
just rate-limited rather than blocked? -transit traffic.
(assuming ICMP is the only thing that can talk to infrastructure ranges &
BGP to selected IPs with rest being dropped)
adam
