Hacker News
by ocdtrekkie 1175 days ago
This is perfectly reasonable if you provide internal network time, and you don't want people using your network for illegal activity. At work we don't block "all UDP", but we block anything QUIC, anything classified as a VPN or proxy, and anything like DoH which is intended to obscure visibility into network usage.

Organizations who are not doing this are not adequately managing their network.

2 comments

Isn't it kind of creepy that you manage which websites people can visit and spy on their usage? I disagree that this is needed for "adequately managing their network."
Generally we don't monitor activity, we just filter it. As I say "I'm an engineer, not the HR department". But there's significant legal and reputational risk to not preventing illegal activity from your network, and major security risks to not blocking malicious content from things like ad companies. Unsurprisingly, the lead pusher of HTTP/3 and QUIC is the world's most pervasive ad company.
Maybe if you're an ISP. If you're a uni, a govt agency, a workplace, maybe not.
What's the point of blocking QUIC but not TCP port 443?