Thomas Kernen wrote: > > Andre > > I take it you mean that RFC1918 or other bogons that are not assigned by > IANA to any registry are okay to filter vs assigned/allocated IP space > to/from the registeries should not be filtered.
Yes, exactly. In my opinion also the aggregating filtering on min allocation sizes IP-Plus is doing is wrong. The problem with default deny everthing unless allowed is always that you have to readjust this kind of filter all the time. And you might miss some update or you are on vacation or... I deny </7 and >/25 plus the RFC1918 and DHCP space but allow everything else. The risk to miss a change or new allocation is almost zero and it works right away. -- Andre ---------------------------------------------- [EMAIL PROTECTED] Maillist-Archive: http://www.mail-archive.com/swinog%40swinog.ch/
