On 03/08/2021 at 01:49, Tony Langdon via 44Net wrote:
> I'd like relatively right connectivity between my
> BGP and intranet subnets, and possibly other BGP routed subnets, but no
> connection (generally) to the wider Internet from my part of the intranet.

As I often say, don't confuse "routing" and "firewalling". Those are two
separate topics that should IMHO be handled separately:
- Connectivity between BGP, Intranet and maybe other local/extranet
subnets is a matter of routing (which implies a coherent addressing
policy, and probably, some renumbering at some point)
- What kind of traffic is allowed / forbidden is a matter of firewall
rules. Those rules may differ between countries, user groups or specific
situations.
If the lack of a route is a common way to prevent users from reaching
"forbidden" addresses, it's not IMHO the good way of doing things, HI :-)