
RE: home firewall philosophy governing outgoing traffic



>> Yes, having a default DENY on the output chain is a bit more work, but
>> it also allows you to do a daily audit of possible problems.  It all
>> depends on your determined security stance.
>
>A possible compromise would be to have a default ACCEPT rule, but make
>ipchains (or iptables) log all unusual ports.  Something like
>
>ipchains -P output ACCEPT
>ipchains -A output -p tcp -d 0.0.0.0/0 80:80 -j RETURN
>ipchains -A output -p tcp -d 0.0.0.0/0 21:21 -j RETURN
>...
>ipchains -A output -d 0.0.0.0/0 -l
>
>This way you will still allow all ports out, but it will log anything
>that you have not specifically specified.  If you run logcheck or
>something of the like (recommended), then you will know when something
>strange is happening almost immediately.

Would such logging result in higher load on the machine?
I've noticed excessive load on one of our routers (zebra/bgp); it has
a load average of 10 (or more) under DoS attacks. (Or does zebra just have a
poor logging system?)

anders gjære
system engineer
kvalito it 
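An added example, not from anyone in this thread: the iptables counterpart of the ipchains ruleset quoted above, with the limit match on the LOG rule so that a flood of unusual outbound packets produces a bounded number of log lines instead of the load spike asked about. It assumes a Linux host with iptables, the LOG target and the limit match available; the port list, prefix and rate are constructed values. The function only prints the rules so it can be reviewed first and applied with `gen_outbound_log_rules 80 21 443 | sudo sh`.

```shell
#!/bin/sh
# Added example (not from the original thread). Prints an iptables ruleset
# that keeps a default-ACCEPT OUTPUT chain but logs outbound TCP connection
# attempts to any destination port not listed as an argument. The rules are
# echoed rather than executed so they can be inspected before being applied.
gen_outbound_log_rules() {
    # Permissive policy, and start from an empty chain.
    echo "iptables -P OUTPUT ACCEPT"
    echo "iptables -F OUTPUT"

    # Expected ports leave the chain early via RETURN (which in a built-in
    # chain means "apply the chain policy", i.e. ACCEPT); nothing is logged.
    for port in "$@"; do
        echo "iptables -A OUTPUT -p tcp --dport $port -j RETURN"
    done

    # Anything else: log only the SYN (one line per connection attempt, not
    # one per packet) and cap the rate. The limit match, not the LOG target,
    # is what keeps a flood from driving up the load: once the token bucket
    # (burst 10, refilled at 5/min) is empty the rule simply stops matching
    # and the packets are still accepted by the policy.
    echo "iptables -A OUTPUT -p tcp --syn -m limit --limit 5/min --limit-burst 10" \
         "-j LOG --log-prefix \"OUT-UNUSUAL: \" --log-level info"
}

# Usage when run directly: list the rules for a typical client host
# (constructed port list).
if [ "${GEN_OUTBOUND_RULES_DEMO:-1}" = "1" ] && [ "$#" -gt 0 ]; then
    gen_outbound_log_rules "$@"
fi
```

The resulting kernel log lines carry the `OUT-UNUSUAL:` prefix, which is what a logcheck rule would key on; the lines still record source and destination addresses and ports, so a daily audit of the prefix alone shows every unexpected outbound service without having to deny anything.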


