Re: home firewall philosophy govering outgoing traffic

["Eric N. Valor" <eric.valor@lutris.com>]

That sounds like a great compromise - it gives you the logging required 
without the hassle of interrupted traffic.  The only drawback seems to be 
that your log files will initially get quite full while you tune the 
rules.  Not a bad idea though.  Thanks for the suggestion!


At 01:05 PM 6/15/2001 -0400, Mike Furr wrote:

> > Yes, having a default DENY on the output chain is a bit more work, but it 
> > also allows you to do a daily audit of possible problems.  It all depends 
> > on your determined security stance.
>
> A possible compromise would be to have a default ACCEPT rule, but make 
> ipcahains (or iptables) log all unusual ports.  something like
>
> ipchains -P output ACCEPT
> ipchains -A output -p tcp -d 0.0.0.0/0 80:80 -j RETURN
> ipchains -A output -p tcp -d 0.0.0.0/0 21:21 -j RETURN
> ...
> ipchains -A output -d 0.0.0.0/0 -l
>
> this way you will still allow all ports out, but it will log anything that 
> you specifically have not specified.  If you run logcheck or something of 
> the like(recommended) then you will know when something strange is 
> happening almost immediately.
>
> -mike
>
>
> --
> To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

--
Eric N. Valor
Webmeister/Inetservices
Lutris Technologies
eric.valor@lutris.com

- This Space Intentionally Left Blank -