[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

RE: home firewall philosophy govering outgoing traffic

>> Yes, having a default DENY on the output chain is a bit more work,
>> it also allows you to do a daily audit of possible problems.  It all 
>> depends on your determined security stance.
>A possible compromise would be to have a default ACCEPT rule, but make 
>ipcahains (or iptables) log all unusual ports.  something like
>ipchains -P output ACCEPT
>ipchains -A output -p tcp -d 80:80 -j RETURN
>ipchains -A output -p tcp -d 21:21 -j RETURN
>ipchains -A output -d -l
>this way you will still allow all ports out, but it will log anything 
>that you specifically have not specified.  If you run logcheck or 
>something of the like(recommended) then you will know when something 
>strange is happening almost immediately.

would a such logging result in higher load on the machine?
ive have noticed exessive load on one of our routers (zebra/bgp), it has

an load-average of 10 (or more) under DoS-attacks. (or has zebra just a
poor logging system?)

anders gjære
system enginerer
kvalito it 

Reply to: