https://insights.profitap.com/osi-7-layers-explained-the-easy-way
There are a lot of people coming up with solutions to the problem that the TAC wants to fix.
They are coming up with solutions that are not at the same layer level. This breaks network
communication.
Using layer 4 software to fix a layer 3 problem won't work. Likewise, using layer 3
software won't fix a layer 4 problem.
All the layers need to work as intended for a full network to work.
TCP and UDP are at layer 4. A firewall acts on layer 3 and up.
IP is at layer 3 only. Routing is a layer 3 task. You can use a firewall to select which
packets pass or do not pass, up to a point. But at the routing level, if you are a link for
multiple links, how can you firewall something and not break routing? How do you make
sure that the network you filter with the firewall is really not OK to pass? Judgement
call?
But at the same time, what if the user asks you to do it? One thing is clear: on an open
network architecture, the local node that passes 3rd party traffic is not to filter any
traffic. This would break the routing and prevent actual data from passing on the route
that layers 2 and 3 decided to be the best. But again, how do you meet the demand of a user
who wants some traffic filtered from the beginning?
By creating a non-open network. That is the ONLY REAL solution to prevent breaking
any route at layer 3 and to make sure that the traffic is legit. All the routes
point to the non-open network, and all the nodes pass all the traffic that needs to pass
through them. Clients at the end put up firewalls to prevent some traffic from reaching
them, but they are ends of the line, not transporting data to 3rd parties.
I hope this will help remove some of the fog that flows all over the networking talk.
Pierre
VE2PF
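The point of the post above, that a layer 4 filter on a transit node blackholes traffic the layer 3 routing tables say should pass, while the same filter on an end node only affects that node, can be shown with a small simulation. This is an added example, not part of Pierre's post or of any real node software: the topology (A -> R1 -> R2, with B and C behind R2), the flows, and the tcp/80 deny rule are all constructed for illustration.

```python
from dataclasses import dataclass, field


# Constructed example: a toy packet carrying its layer 3 addressing (src/dst)
# and its layer 4 selector (proto/dport). Nothing here is real node config.
@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str  # "tcp" or "udp"
    dport: int


@dataclass
class Node:
    name: str
    # layer 3: destination -> next hop; "local" means deliver here
    routes: dict
    # layer 4 filter: (proto, dport) pairs this node drops, whether the packet
    # is addressed to the node itself or is merely transiting through it
    deny: set = field(default_factory=set)

    def allows(self, pkt):
        return (pkt.proto, pkt.dport) not in self.deny


def deliver(topology, pkt, start, max_hops=16):
    """Forward pkt hop by hop from `start`; return (outcome, path taken)."""
    node = topology[start]
    path = [start]
    for _ in range(max_hops):
        if not node.allows(pkt):
            return "dropped_at_" + node.name, path
        nh = node.routes.get(pkt.dst)
        if nh is None:
            return "no_route_at_" + node.name, path
        if nh == "local":
            return "delivered", path
        node = topology[nh]
        path.append(nh)
    return "ttl_exceeded", path


def build_topology(filter_at):
    """Linear path A -> R1 -> R2, with B and C hanging off R2.

    filter_at: set of node names that apply the hypothetical tcp/80 deny rule.
    Every node has a route to every destination, so layer 3 alone says that
    all three flows below are deliverable.
    """
    rule = {("tcp", 80)}

    def deny_for(name):
        return set(rule) if name in filter_at else set()

    return {
        "A":  Node("A",  {"A": "local", "B": "R1", "C": "R1"}, deny_for("A")),
        "R1": Node("R1", {"A": "A", "B": "R2", "C": "R2"}, deny_for("R1")),
        "R2": Node("R2", {"A": "R1", "B": "B", "C": "C"}, deny_for("R2")),
        "B":  Node("B",  {"B": "local", "A": "R2", "C": "R2"}, deny_for("B")),
        "C":  Node("C",  {"C": "local", "A": "R2", "B": "R2"}, deny_for("C")),
    }


# Constructed flows, all originating at A.
FLOWS = {
    "A->B tcp/80":   Packet("A", "B", "tcp", 80),
    "A->C tcp/80":   Packet("A", "C", "tcp", 80),
    "A->B udp/5060": Packet("A", "B", "udp", 5060),
}


def outcomes(filter_at):
    """Outcome of each flow when the nodes in filter_at run the deny rule."""
    topo = build_topology(filter_at)
    return {name: deliver(topo, pkt, "A")[0] for name, pkt in FLOWS.items()}


def collateral(filter_at):
    """Flows lost even though they were not addressed to a filtering node:
    the routing tables promised a path, but a transit node ate the packet."""
    topo = build_topology(filter_at)
    lost = []
    for name, pkt in FLOWS.items():
        outcome, _ = deliver(topo, pkt, "A")
        if outcome != "delivered" and pkt.dst not in filter_at:
            lost.append(name)
    return lost


if __name__ == "__main__":
    print("filter at end node B: ", outcomes({"B"}), "collateral:", collateral({"B"}))
    print("filter at transit R1: ", outcomes({"R1"}), "collateral:", collateral({"R1"}))
```

With the rule on end node B, only B's own tcp/80 is affected and `collateral` is empty. Moving the same rule to transit node R1 also kills A->C tcp/80, a flow that has nothing to do with R1's own policy, even though every routing table in the topology still claims C is reachable.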