On 13/8/21 5:08 pm, Rob PE1CHL via 44Net wrote:
Of course they have. They can apply whatever filter they deem necessary on their own router. They can submit their request to have incoming internet traffic and be registered in the address list, and then still drop anything other than what they want to handle.
No need to bring up "but what if the user does not know how to do that, or what if they do not have a router which can do that" because in that case they will not request the internet traffic and by default they won't have it.
There are definite advantages to having it done upstream - traffic management and delegating the "ensuring it works" to people who _really_ know what they're doing.
Sure, the implementation could also allow some different classes, e.g.
- only some well-known ham radio services
- webserver
- ...
- everything
Sounds like a nice selection - a mix of the first one and "listed BGP routed subnets" would probably be a fit for me.
It would make it more complex but it could reduce the amount of traffic unnecessarily forwarded to users (over slow links).
Which is a big issue these days. The further upstream this unwanted traffic is stopped, the better for the network.
We also have a "trapdoor" firewall that automatically blocks source addresses that "portscan" 44.137.x.x subnets that are not allocated. So those pesky "researchers" are automatically blocked the first time they hit an unallocated subnet, and as they do their research without first checking how the space is used, that is usually quite quickly. (there are typically about 70000 addresses in that automatic list) Incoming traffic from these addresses is not forwarded at all.
Another good idea!
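To make the two mechanisms discussed in this thread concrete (per-subnet traffic classes applied upstream, and the "trapdoor" that blocks any source hitting unallocated 44.137.x.x space), here is an added example in Python. It is not code from the 44Net list, from PE1CHL or from any 44net router; the allocation table, the class-to-port mapping (IPIP tunnels and APRS-IS on TCP 14580 as the "ham radio" class, 80/443 as "webserver") and the packet records are all constructed for illustration.

```python
import ipaddress
from typing import Dict, List, Optional, Set, Tuple

IPv4 = ipaddress.IPv4Address
Net = ipaddress.IPv4Network
Rule = Tuple[str, Optional[int]]  # (protocol, dport); dport None = any port

# The space this upstream filter is responsible for.
PREFIX = ipaddress.ip_network("44.137.0.0/16")

# Constructed allocation table (example data, NOT the real 44.137 registry).
# Each allocated subnet maps to the traffic class its holder requested.
# A subnet that is not listed here is unallocated and acts as the trapdoor.
POLICY: Dict[Net, str] = {
    ipaddress.ip_network("44.137.1.0/24"): "hamradio",
    ipaddress.ip_network("44.137.10.0/24"): "webserver",
    ipaddress.ip_network("44.137.20.0/22"): "everything",
    ipaddress.ip_network("44.137.30.0/24"): "none",  # allocated, no internet traffic requested
}

# Traffic classes. The concrete protocol/port choices are assumptions made
# for this example; a real deployment would define its own lists.
CLASSES: Dict[str, Set[Rule]] = {
    "none": set(),
    "hamradio": {("ipip", None), ("tcp", 14580)},  # IPIP tunnels, APRS-IS
    "webserver": {("tcp", 80), ("tcp", 443)},
    # "everything" is handled as a wildcard below.
}


class UpstreamFilter:
    """Stateful per-packet policy: class filter plus scanner trapdoor."""

    def __init__(self, policy: Dict[Net, str], classes: Dict[str, Set[Rule]]):
        self.policy = policy
        self.classes = classes
        self.trapdoor: Set[IPv4] = set()  # sources caught probing unallocated space

    def _allocation(self, dst: IPv4) -> Optional[Net]:
        # Longest-prefix match is unnecessary here because the constructed
        # allocations do not overlap; first match is sufficient.
        for net in self.policy:
            if dst in net:
                return net
        return None

    def decide(self, src: str, dst: str, proto: str, dport: Optional[int]) -> str:
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if s in self.trapdoor:
            return "drop:trapdoor"
        if d not in PREFIX:
            return "pass:outside-prefix"  # not our space, not our decision
        net = self._allocation(d)
        if net is None:
            # Nothing legitimate is ever addressed to unallocated space, so a
            # packet here is a scan. Arm the trapdoor: from now on every packet
            # from this source is dropped, whatever its destination.
            self.trapdoor.add(s)
            return "drop:trapdoor-armed"
        cls = self.policy[net]
        if cls == "everything":
            return "accept"
        allowed = self.classes[cls]
        if (proto, dport) in allowed or (proto, None) in allowed:
            return "accept"
        return "drop:class"


# Constructed packet records (src, dst, proto, dport), in arrival order.
SAMPLE_PACKETS = [
    ("203.0.113.5", "44.137.10.7", "tcp", 443),    # webserver class: allowed
    ("203.0.113.5", "44.137.10.7", "tcp", 22),     # webserver class: ssh not allowed
    ("198.51.100.9", "44.137.1.3", "ipip", None),  # hamradio class: tunnel allowed
    ("198.51.100.9", "44.137.1.3", "tcp", 14580),  # hamradio class: APRS-IS allowed
    ("198.51.100.9", "44.137.1.3", "tcp", 80),     # hamradio class: http not allowed
    ("192.0.2.44", "44.137.99.1", "tcp", 80),      # unallocated: arms trapdoor
    ("192.0.2.44", "44.137.20.5", "tcp", 80),      # would be allowed, but source is trapped
    ("203.0.113.5", "44.137.30.9", "tcp", 80),     # "none" class: nothing allowed
    ("203.0.113.5", "44.137.20.5", "udp", 5000),   # "everything" class: allowed
    ("203.0.113.5", "198.18.0.1", "tcp", 80),      # not in 44.137/16: not ours
]


def run_example() -> List[str]:
    """Feed the constructed packets through one filter instance, in order."""
    f = UpstreamFilter(POLICY, CLASSES)
    return [f.decide(*pkt) for pkt in SAMPLE_PACKETS]


if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE_PACKETS, run_example()):
        print(f"{pkt[0]:>14} -> {pkt[1]:<14} {pkt[2]:<4} {str(pkt[3]):<5} {verdict}")
```

The order of checks matters: the trapdoor test runs before the class lookup, so once a source has touched unallocated space it is dropped even for destinations that would otherwise accept it, which is the "not forwarded at all" behaviour described above. A production version would expire entries after some time and persist the set across restarts; both are left out here.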