nanog mailing list archives
Re: GRE packets
From: "Paul G. Donner" <pdonner () cisco com>
Date: Wed, 17 Jun 1998 18:23:57 -0400
At 03:23 PM 6/17/98 -0700, Danny McPherson wrote:
Perhaps to combat this, unless I'm missing something, one could justifiably deploy GRE filters with source & destination addresses of the exchange subnets. Filtering GRE in general seems nothing more than foolish.
Or the tunnel termination addresses, which while might be tighter, would probably make the ACLs longer or more complex.
-danny [snip] (we certainly allow GRE packets and expect everyone else does, too)This could kill IP-GRE VPNs indiscriminately.
Current thread:
- GRE packets Eric Germann (Jun 17)
- Re: GRE packets John Hawkinson (Jun 17)
- Re: GRE packets C. Harald Koch (Jun 18)
- Re: GRE packets Paul G. Donner (Jun 17)
- Re: GRE packets Eric Germann (Jun 17)
- <Possible follow-ups>
- Re: GRE packets Danny McPherson (Jun 17)
- Re: GRE packets Paul G. Donner (Jun 17)
- Re: GRE packets Michael Dillon (Jun 17)
- Re: GRE packets Alex Bligh (Jun 18)
- Re: GRE packets Sean Donelan (Jun 17)
- Re: GRE packets Perry E. Metzger (Jun 17)
- Re: GRE packets Sean Donelan (Jun 17)
- Re: GRE packets John Hawkinson (Jun 17)