Re: home firewall philosophy govering outgoing traffic
That sounds like a great compromise - it gives you the logging required
without the hassle of interrupted traffic. The only drawback seems to be
that your log files will initially get quite full while you tune the
rules. Not a bad idea though. Thanks for the suggestion!
At 01:05 PM 6/15/2001 -0400, Mike Furr wrote:
Yes, having a default DENY on the output chain is a bit more work, but it
also allows you to do a daily audit of possible problems. It all depends
on your determined security stance.
A possible compromise would be to have a default ACCEPT rule, but make
ipcahains (or iptables) log all unusual ports. something like
ipchains -P output ACCEPT
ipchains -A output -p tcp -d 0.0.0.0/0 80:80 -j RETURN
ipchains -A output -p tcp -d 0.0.0.0/0 21:21 -j RETURN
ipchains -A output -d 0.0.0.0/0 -l
this way you will still allow all ports out, but it will log anything that
you specifically have not specified. If you run logcheck or something of
the like(recommended) then you will know when something strange is
happening almost immediately.
To UNSUBSCRIBE, email to email@example.com
with a subject of "unsubscribe". Trouble? Contact firstname.lastname@example.org
Eric N. Valor
- This Space Intentionally Left Blank -