Firewalling is the responsibility of the end user and not the routing service.
Routing is what AMPR should keep to and not firewalling. If you don't want to be directly exposed to the internet there are multiple ways: a firewall on the machine directly, a "router" that does NAT and won't forward any traffic except traffic initiated by one machine behind the NAT first. And at the end, not having any route that can connect to the rest of the world and not being connected to any network at all. The first one is done easily, the second one is a given. And the others are not really useful for anything.
Now, if you don't want to be accessible from the internet BUT want to be accessible to HAM ONLY traffic, that is another story. In that case, the only way to go is by route, as trying to firewall everything BUT known HAM ONLY traffic is a loss of time, and it will change almost daily.
________________________________________
From: 44Net 44net-bounces+petem001=hotmail.com@mailman.ampr.org on behalf of Toussaint OTTAVI via 44Net 44net@mailman.ampr.org
Sent: August 9, 2021 04:55
To: 44net@mailman.ampr.org
Cc: Toussaint OTTAVI
Subject: Re: [44net] On Allocations, PoPs, and Proposals
On 03/08/2021 at 01:49, Tony Langdon via 44Net wrote:
I'd like relatively right connectivity between my BGP and intranet subnets, and possibly other BGP routed subnets, but no connection (generally) to the wider Internet from my part of the intranet.
As I often say, don't confuse "routing" and "firewalling". Those are two separate topics, that should IMHO be handled separately:
- Connectivity between BGP, Intranet and maybe other local/extranet subnets is a matter of routing (which implies a coherent addressing policy, and probably, some renumbering at some point)
- What kind of traffic is allowed / forbidden is a matter of firewall rules. Those rules may differ between countries, user groups or specific situations.
If the lack of a route is a common way to prevent users from reaching "forbidden" addresses, it's not IMHO the good way of doing things, HI :-)