Skip to end of metadata
Go to start of metadata


LBLnet, the data network within LBNL, is not protected by a conventional firewall, however certain ports are blocked by default at the Lab's network border. For details on these ports, please see the Perimeter Protection document.

Additionally, the laboratory is protected by a powerful intrusion detection system (IDS) that passively examines every data packet entering and leaving LBNL and compares each one to an evolving list of known and suspicious behaviors and patterns. When harmful or potentially harmful behavior is detected, the participant is blocked. You can query the status of an IP address, MAC address, hostname or domain using the OneStop page to determine if it is blocked.

Modern operating systems contain built-in, host-based firewalls such as Windows Firewall, the MacOS firewall, iptables, pf, ipfw, etc. Configuring a host-based firewall is the recommended approach for most circumstances. Occasionally, groups within LBNL require further data protection. When this is necessary, the LBLnet Services Group provides and supports (on a time-and-material basis) conventional firewall protection or (in special circumstances) router ACLs.


  • For assistance configuring host-based firewalls or to get recommendations for securing your systems: [email protected]
  • For questions or concerns about security: [email protected]