Based on what we have already covered, we can articulate some best practices for ingress filtering. We want the default (block all traffic) to stand. We need to allow access to ports and nodes for certain services that we are providing. For example, in our example network, we are operating an FTP server. This requires leaving port 21 open on the FTP server's network. In addition, we want to use ingress filtering as a means of preventing denial of service attacks. The best practices for ingress filtering are described in the following Internet Engineering Task Force (IETF) documents:
- Network ingress filtering: Defeating DoS attacks which employ IP source address spoofing (https://tools.ietf.org/html/bcp38 ...