The campus router carries a lot of old filter rules left over from earlier projects. They have accumulated over the years because the router filters are not cleaned up when a project ends. This is a proposed workflow for cleaning up the rules:
- Identify who is responsible (Local IT) for the VLAN and the subnets on that VLAN.
Here at BMC, BMC-IT usually knows what is going on on the campus router. On the BMC-hall-router this is handled by Netsupport.
- Inform everyone involved. This is usually Local IT, but there may also be, for example, research groups that are responsible for their own equipment and its usage.
- Use the usage history of the VLAN and its subnets to find out which IPs are in use and, ideally, for what purpose. Match this against the router filter rules, so that each rule can be tied to a host or service that actually uses it; a rule whose destination has seen no traffic in the history window is a candidate for removal.
- Remove the rules that are no longer needed.
- For every rule that is left, document its purpose as a comment in the router filter.
- Add a default block for all incoming TCP/UDP traffic that is not explicitly opened by a rule. Do this last, and log hits on the default block for a while afterwards, so that anything the usage history missed shows up as logged drops rather than as a silent outage.
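The matching and clean-up steps above, as an added example that is not part of the original notes. The vendor-neutral rule format, the addresses, the dates and the usage records are all constructed for illustration (they are not real BMC rules or addressing); a real run would read the router's actual filter list and the VLAN's usage history instead:

```python
"""Triage router filter rules against a VLAN's usage history.

Constructed example data: rules as (rule_id, proto, destination CIDR,
dst port or None for any, existing comment or None); usage records as
(dst_ip, proto, dst_port, date last seen). None of these are real.
"""
from datetime import date, timedelta
from ipaddress import ip_address, ip_network

# Reference date for the run, fixed so the example is deterministic.
TODAY = date(2024, 5, 10)

RULES = [
    ("r1", "tcp", "10.10.20.5/32", 443, "web server, project X"),
    ("r2", "tcp", "10.10.20.9/32", 22, None),
    ("r3", "udp", "10.10.20.0/24", 161, None),
    ("r4", "tcp", "10.10.20.17/32", 3306, None),
]

# Constructed usage history: last time a flow to (dst, proto, port) was seen.
USAGE = [
    ("10.10.20.5", "tcp", 443, date(2024, 5, 2)),
    ("10.10.20.9", "tcp", 22, date(2022, 11, 30)),   # old, nothing recent
    ("10.10.20.44", "udp", 161, date(2024, 4, 28)),  # covered by the /24 rule
]


def rule_matches(rule, flow):
    """True if the usage record falls inside what the rule opens."""
    _, proto, dst, dport, _ = rule
    ip, fproto, fport, _ = flow
    return (proto == fproto
            and ip_address(ip) in ip_network(dst)
            and (dport is None or dport == fport))


def triage(rules, usage, today=TODAY, max_idle_days=365):
    """Split rule ids into kept, stale (no traffic within the window)
    and unused (no traffic in the history at all)."""
    cutoff = today - timedelta(days=max_idle_days)
    keep, stale, unused = [], [], []
    for rule in rules:
        hits = [f for f in usage if rule_matches(rule, f)]
        if not hits:
            unused.append(rule[0])
        elif max(f[3] for f in hits) < cutoff:
            stale.append(rule[0])
        else:
            keep.append(rule[0])
    return keep, stale, unused


def render(rules, keep_ids):
    """Emit the cleaned filter: kept rules with a purpose comment, then the
    default block for incoming TCP/UDP as the last two lines."""
    lines = []
    for rid, proto, dst, dport, comment in rules:
        if rid not in keep_ids:
            continue
        port = "any" if dport is None else str(dport)
        # A kept rule without a comment still needs an owner/purpose.
        note = comment or "TODO: purpose unknown, confirm with Local IT"
        lines.append(f"permit {proto} any {dst} port {port}  # {rid}: {note}")
    lines.append("deny tcp any any  # default block, added last")
    lines.append("deny udp any any  # default block, added last")
    return lines


if __name__ == "__main__":
    keep, stale, unused = triage(RULES, USAGE)
    print("stale (no traffic in window):", stale)
    print("unused (no traffic at all):", unused)
    print("\n".join(render(RULES, keep)))
```

Stale and unused rules are only candidates: before removing them, check with the owner identified in the first step, since a rule may exist for a service that is used rarely (for example a yearly backup target) and would not show up in a one-year usage window.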