If an institution has opted in to the scheme, tcp and udp packets with a destination port number in the range 1024-63999 will be rejected where they enter an institution's network from the CUDN, subject agreed exceptions by IP address or by port. The blocking is introduced in two stages:
- A period of monitoring is undertaken to determine whether the exceptions listed below will be adequate, or whether additional exceptions are needed.
- After agreeing the exceptions with the institution's IT staff, the blocking is activated.
Based on experience to date, the exceptions in the following table are used as a starting point for most institutions. The table may be updated in the light of further experience.
|any/tcp||any||any||any||only for established tcp connections|
|any||any||(e.g. response from nameservers)|