
home firewall philosophy governing outgoing traffic



I am setting up a firewall for home use.  Behind the firewall will only sit
one (maybe two) computers.  My firewall box is running a 2.2.19 kernel with
ipchains.  I have been setting up my ipchains ruleset using Robert Ziegler's
Linux Firewalls book as a guide.  I have two questions:

1) What are people's thoughts on this book?  Are there any mistakes that
people have found?  Any suggestions in the sample rulesets that people might
disagree with?

2) More to the point, Ziegler suggests setting the input, output, and
forward default policies to DENY and then deciding what to allow through.  It
has dawned on me that I can make my rules MUCH simpler by setting the output
chain's default policy to ACCEPT and removing all of the output rules from
the script, since philosophically I don't have any interest or
desire to limit what my family members do on the net.  As long as I
filter out incoming traffic that I deem dangerous, is there anything to fear
from having the output default policy set to ACCEPT?  Or am I missing
something obvious?

Thanks!!
Bryan Walton

-- 
Bryan K. Walton                        Network Operations Center Analyst
Berbee...putting the E in business	          http://www.berbee.com/
GPG fingerprint: BF68 340D A650 E2D7 86B9  FED5 DDFF 3EEE 3229 7B5D


