Once upon a time, Fred Baker <fred@cisco.com> said:
On Jun 15, 2009, at 1:16 PM, Quinn Mahoney wrote:
Or use this script which null routes the traffic (I guess it's not a big deal getting the syn packets, as long as the mail won't send because of the null route)
I you are using uRPF, the SYN packets won't get through either, because they came from an interface other than the null interface. Not so helpful interddomain, but it protects your customers from each other (as BCP 38 does in other cases).
Not true for JUNOS; "discard" routes are still in the forwarding table and are treated as a valid destination when it comes to loose-mode uRPF. -- Chris Adams <cmadams@hiwaay.net> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.