On 3/7/23 4:34 PM, Lukas Tribus wrote:
> I'm trying to educate people that bogon lists do not belong on hosts, firewalls or intermediate routers, despite Team Cymru's aggressive marketing of the opposite, quote:

I don't have any problem with bogon lists being on hosts or intermediate routers. The thing that you have to remember to do is to exclude locally significant (100.64/10, RFC 1918, et al.) from those filters /or/ account for them in another way.

I have bogons on some hosts /and/ locally significant / more specific routes to 100.64/16 without any problem.

Bogons is just a list of IPs that shouldn't be on the open Internet. But that same list can be re-used ~> abused elsewhere without. How that list is used is installation specific.

If you're running default free, make sure that you remove the bogon prefixes from your routing tables /and/ /then/ (re)add any locally significant prefixes.

The Team Cymru bogons list is a tool and like all tools, it can be mis-used and become a foot gun.

-- 
Grant. . . .
unix || die
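
The two ways of handling locally significant space described in the message above (carving it out of the filter, or keeping the bogons and letting more-specific local routes win), as an added example that is not part of the original post. The bogon entries are a constructed sample rather than the Team Cymru list, and the `LOCAL` prefixes and all function names are hypothetical.

```python
import ipaddress

# Constructed sample of bogon-style entries (NOT the real Team Cymru list).
BOGONS = ["0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
          "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4"]

# Hypothetical locally significant prefixes for one installation.
LOCAL = ["100.64.0.0/16", "10.20.0.0/16"]


def subtract_local(bogons, local):
    """Approach 1: exclude locally significant prefixes from the filter."""
    remaining = [ipaddress.ip_network(b) for b in bogons]
    for loc in map(ipaddress.ip_network, local):
        kept = []
        for net in remaining:
            if net.subnet_of(loc):
                continue                      # entry fully covered by local space
            if loc.subnet_of(net):
                kept.extend(net.address_exclude(loc))  # split around local prefix
            else:
                kept.append(net)              # unrelated entry, keep as-is
        remaining = kept
    return sorted(ipaddress.collapse_addresses(remaining))


def is_filtered(addr, deny):
    """True if addr falls inside any prefix of the computed deny list."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in deny)


def lookup(addr, bogons, local):
    """Approach 2: keep bogons intact, add more-specific local routes.

    Longest-prefix match decides; on an equal-length tie the local route wins.
    """
    ip = ipaddress.ip_address(addr)
    routes = [(ipaddress.ip_network(p), "drop") for p in bogons]
    routes += [(ipaddress.ip_network(p), "local") for p in local]
    hits = [(net.prefixlen, action == "local", action)
            for net, action in routes if ip in net]
    return max(hits)[2] if hits else "default"


if __name__ == "__main__":
    deny = subtract_local(BOGONS, LOCAL)
    for a in ("100.64.1.1", "100.65.1.1", "10.20.5.5", "8.8.8.8"):
        print(a, "filtered" if is_filtered(a, deny) else "allowed",
              lookup(a, BOGONS, LOCAL))
```
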