Re: home firewall philosophy govering outgoing traffic

To: debian-firewall@lists.debian.org
Subject: Re: home firewall philosophy govering outgoing traffic
From: Mike Furr <furrm@kenyon.edu>
Date: Fri, 15 Jun 2001 13:05:56 -0400
Message-id: <3B2A4074.8050105@kenyon.edu>
References: <4.3.2.7.2.20010615094643.0397ed00@10.10.40.54>

Yes, having a default DENY on the output chain is a bit more work, butit also allows you to do a daily audit of possible problems. It alldepends on your determined security stance.

A possible compromise would be to have a default ACCEPT rule, but makeipcahains (or iptables) log all unusual ports. something like


ipchains -P output ACCEPT
ipchains -A output -p tcp -d 0.0.0.0/0 80:80 -j RETURN
ipchains -A output -p tcp -d 0.0.0.0/0 21:21 -j RETURN
...
ipchains -A output -d 0.0.0.0/0 -l

this way you will still allow all ports out, but it will log anythingthat you specifically have not specified. If you run logcheck orsomething of the like(recommended) then you will know when somethingstrange is happening almost immediately.


-mike

Reply to:

Follow-Ups:
- Re: home firewall philosophy govering outgoing traffic
  - From: "Eric N. Valor" <eric.valor@lutris.com>

References:
- Re: home firewall philosophy govering outgoing traffic
  - From: "Eric N. Valor" <eric.valor@lutris.com>

Prev by Date: Re: home firewall philosophy govering outgoing traffic
Next by Date: RE: home firewall philosophy govering outgoing traffic
Previous by thread: Re: home firewall philosophy govering outgoing traffic
Next by thread: Re: home firewall philosophy govering outgoing traffic
Index(es):
- Date
- Thread