Once upon a time, Fred Baker <f...@cisco.com> said: > On Jun 15, 2009, at 1:16 PM, Quinn Mahoney wrote: > >Or use this script which null routes the traffic (I guess it's not a > >big deal getting the syn packets, as long as the mail won't send > >because of the null route) > > I you are using uRPF, the SYN packets won't get through either, > because they came from an interface other than the null interface. Not > so helpful interddomain, but it protects your customers from each > other (as BCP 38 does in other cases).
Not true for JUNOS; "discard" routes are still in the forwarding table and are treated as a valid destination when it comes to loose-mode uRPF. -- Chris Adams <cmad...@hiwaay.net> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.