As agreed with departments and LHC experiments on the last ITSRM meeting , the default configuration of CERN's outer perimeter firewall will be changed such that outgoing traffic from source ports 1-1023/tcp and 1-1023/udp will be blocked by default. Actually, correct usage of the TCP and UDP protocol prevents using those lower ports when establishing a client connection, and, indeed, the current outgoing traffic on those ports is remarkably low. Misconfigured devices, on the other hand, do as they use wrong WINS IP addresses (137.137.16.248 instead of 137.138.16.248) or wrong default routes for SNMP traps. With the closure, such traffic will already be blocked within CERN and without polluting the Internet. These measures will be applied on Tuesday 2012/3/13. Exceptions for NTP might be kept. Existing firewall openings for incoming traffic will not be affected