Re: home firewall philosophy governing outgoing traffic
Yes, having a default DENY on the output chain is a bit more work, but
it also allows you to do a daily audit of possible problems. It all
depends on your determined security stance.
A possible compromise would be to have a default ACCEPT rule, but make
ipchains (or iptables) log all unusual ports. Something like:
ipchains -P output ACCEPT
ipchains -A output -p tcp -d 0.0.0.0/0 80:80 -j RETURN
ipchains -A output -p tcp -d 0.0.0.0/0 21:21 -j RETURN
...
ipchains -A output -d 0.0.0.0/0 -l
This way you will still allow all ports out, but it will log anything
that you have not specifically listed. If you run logcheck or
something of the like (recommended) then you will know when something
strange is happening almost immediately.
-mike
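The daily review Mike describes, as an added example that is not part of his post: a small script that reads the kernel's log records for outbound packets, drops everything on an expected port list (the hypothetical EXPECTED_TCP_PORTS mirrors the RETURN rules above) and tallies what is left. It assumes iptables-style KEY=VALUE LOG records; the sample lines are constructed, not real traffic.

```python
"""Audit firewall log lines for outbound connections to unexpected ports."""
import re
from collections import Counter

# Ports we expect outbound traffic on (hypothetical allowlist,
# mirroring the RETURN rules in the ruleset above).
EXPECTED_TCP_PORTS = {80, 21, 443, 22}

# iptables LOG records are KEY=VALUE pairs; ipchains uses a positional
# format, so this parser assumes iptables-style lines.
FIELD_RE = re.compile(r"(\w+)=(\S*)")


def parse_log_line(line):
    """Return the KEY=VALUE fields of an outbound LOG line, else None."""
    if "OUT=" not in line:
        return None
    fields = dict(FIELD_RE.findall(line))
    if not fields.get("OUT"):  # OUT= is empty on inbound records; skip
        return None
    return fields


def unusual_outbound(lines, expected_tcp_ports=EXPECTED_TCP_PORTS):
    """Count (proto, dst, dport) tuples not covered by the allowlist."""
    hits = Counter()
    for line in lines:
        f = parse_log_line(line)
        if f is None:
            continue
        proto = f.get("PROTO", "?")
        dport = int(f["DPT"]) if f.get("DPT", "").isdigit() else None
        if proto == "TCP" and dport in expected_tcp_ports:
            continue  # expected traffic, nothing to report
        hits[(proto, f.get("DST", "?"), dport)] += 1
    return hits


# Constructed sample lines in iptables LOG format (not real traffic).
SAMPLE_LOG = [
    "kernel: OUT-LOG: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40123 DPT=80 ",
    "kernel: OUT-LOG: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40124 DPT=6667 ",
    "kernel: OUT-LOG: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40125 DPT=6667 ",
    "kernel: OUT-LOG: IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.9 PROTO=UDP SPT=5353 DPT=53 ",
    "kernel: IN-LOG: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=1234 DPT=22 ",
]

if __name__ == "__main__":
    for (proto, dst, dport), n in unusual_outbound(SAMPLE_LOG).most_common():
        print(f"{n:4d}  {proto:4s} -> {dst}:{dport}")
```

Feed it the relevant lines from syslog (e.g. grep for the log prefix) to get the summary logcheck would otherwise bury in a long mail.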