Toussaint, I always wanted to visit Corsica,
When I will, I hope to be able to meet you, and also hope I could hop along your island network if I am allowed to use my ham stuff in there.
Do you know if Canada has reciprocity with Corsica?
________________________________________ De : 44Net 44net-bounces+petem001=hotmail.com@mailman.ampr.org de la part de Toussaint OTTAVI via 44Net 44net@mailman.ampr.org Envoyé : 11 août 2021 09:45 À : 44net@mailman.ampr.org Cc : Toussaint OTTAVI Objet : Re: [44net] A new era of IPv4 Allocations : Agree
Le 11/08/2021 à 15:15, Ruben ON3RVH via 44Net a écrit :
Pops should not filter or firewall anything except for bogus 44ips bgp subnets, and that is very easily done.
As far as "Internet" address range is directly exposed to wild Internet, as far as end-users are not necessarily aware about that (they used to be behind a NAT router), and as far as some connected devices may not always have all the latest security patches, our gateway firewall does a little bit more : - All incoming traffic except ICMP is blocked by default. Allowed traffic is defined explicitly (f/ex : full access for people who know what they are doing, or opening only the ports needed for the target application ; ssh always closed from "outside" unless specified) - Basic filtering of "bad" IPs (currently based on Firehol blocklists)
Anyway, this is a personal choice. As we (TK1BI, TK4TO, TK5EP, TK1CX) are the only sysadmins for all the island, and as we personally know all of our users (and installed their access routers), we found it simpler and easier to manage firewall rules on the central gateway than individually on every endpoint access router. On a country-wide setup, this may not be doable, anyway, HI :-)
_________________________________________ 44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net