[j-nsp] Firewall filter using a prefix-list, not updating
Justin M. Streiner
streiner at cluebyfour.org
Mon Mar 5 10:47:28 EST 2012
On Mon, 5 Mar 2012, Saku Ytti wrote:
> So maybe you're stopping your DSL users from spamming by allowing TCP/25 to
> your SMTPd and then denying other TCP/25 then allowing rest. This should
> not be done in JunOS in IPv6, as it can be easily bypassed. Or any other
> situation, where you deny something and permit later rest.
At this point I'm inclined to say -1 for Juniper.
I don't have any Trio at my border at this point.
With this in mind, do you have any recommendations for deploying a sane
IPv6 ingress/egress filter policy on Juniper gear?
jms
More information about the juniper-nsp
mailing list