[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: home firewall philosophy govering outgoing traffic

Yes, having a default DENY on the output chain is a bit more work, but it also allows you to do a daily audit of possible problems. It all depends on your determined security stance.

A possible compromise would be to have a default ACCEPT rule, but make ipcahains (or iptables) log all unusual ports. something like

ipchains -P output ACCEPT
ipchains -A output -p tcp -d 80:80 -j RETURN
ipchains -A output -p tcp -d 21:21 -j RETURN
ipchains -A output -d -l

this way you will still allow all ports out, but it will log anything that you specifically have not specified. If you run logcheck or something of the like(recommended) then you will know when something strange is happening almost immediately.


Reply to: