Le 03/08/2021 à 01:49, Tony Langdon via 44Net a écrit :
I'd like relatively right connectivity between my BGP and intranet subnets, and possibly other BGP routed subnets, but no connection (generally) to the wider Internet from my part of the intranet.
As I often say, don't confuse "routing" and "firewalling". Those are two separated topics, that should IMHO be handled separately : - Connectivity between BGP, Intranet and maybe other local/extranet subnets is a matter of routing (which implies a coherent addressing policy, and probably, some renumbering at some point) - What kind of traffic is allowed / forbidden is a matter of firewall rules. Those rules may differ between countries, user groups or specific situations.
If the lack of a route is a common way to prevent users from reaching "forbidden" addresses, it's not IMHO the good way of doing things, HI :-)