## Security checklist

- [ ] ssh shut from internet
- [ ] dns shut from internet
- [ ] no source routing
- [ ] rp_filter
- [ ] restrict upstream routing/dns resolvers to associated priv nets?
- [ ] container caps dropped?
- [ ] ssh/telnet passwords
- [ ] no ospf outside core net
- [ ] no traffic between vlans