wg-multicast - Re: Firewall ruleset/ACL best practice
Subject: All things related to multicast
List archive
- From: Marshall Eubanks <>
- To: Bruce Curtis <>
- Cc: wg-multicast <>
- Subject: Re: Firewall ruleset/ACL best practice
- Date: Wed, 9 May 2007 19:38:19 -0400
On May 9, 2007, at 5:16 PM, Bruce Curtis wrote:
On May 9, 2007, at 1:16 PM, Bayly, Thomas G. wrote:
Does anyone have a best practice rule set to apply to firewalls that permits end users to receive multicast content but not source it? And likewise for router ACL's?
In a router you want to block 232.0.0.0/4 outbound but not inbound, which is generally pretty simple.
Regards
Marshall
Cheers,
Tom Bayly
Information Technology Services
University Support Building II
Pennsylvania State University
The answers to Lab 7 in the Internet2 Multicast Workshop have some example access-lists to prevent TCP or ICMP scanning of the multicast IP range from creating state. The access lists could be modified to block all multicast traffic rather than just TCP or ICMP.
http://multicast.internet2.edu/workshops/minneapolis/
But the access lists will still need to allow IGMP packets so that clients can join groups and receive multicast.
---
Bruce Curtis
Certified NetAnalyst II 701-231-8527
North Dakota State University
- Firewall ruleset/ACL best practice, Bayly, Thomas G., 05/09/2007
- Re: Firewall ruleset/ACL best practice, Leonard Giuliano, 05/09/2007
- Re: Firewall ruleset/ACL best practice, Bruce Curtis, 05/09/2007
- Re: Firewall ruleset/ACL best practice, Marshall Eubanks, 05/09/2007
- Re: Firewall ruleset/ACL best practice, debbie fligor, 05/10/2007
- Re: Firewall ruleset/ACL best practice, Leonard Giuliano, 05/10/2007
- Re: Firewall ruleset/ACL best practice, Marshall Eubanks, 05/10/2007
- Re: Firewall ruleset/ACL best practice, jf, 05/16/2007
- Re: Firewall ruleset/ACL best practice, Marshall Eubanks, 05/10/2007
- Re: Firewall ruleset/ACL best practice, Leonard Giuliano, 05/10/2007
- Re: Firewall ruleset/ACL best practice, debbie fligor, 05/10/2007
- Re: Firewall ruleset/ACL best practice, Marshall Eubanks, 05/09/2007
Archive powered by MHonArc 2.6.16.