[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: home firewall philosophy govering outgoing traffic

That sounds like a great compromise - it gives you the logging required without the hassle of interrupted traffic. The only drawback seems to be that your log files will initially get quite full while you tune the rules. Not a bad idea though. Thanks for the suggestion!

At 01:05 PM 6/15/2001 -0400, Mike Furr wrote:

Yes, having a default DENY on the output chain is a bit more work, but it also allows you to do a daily audit of possible problems. It all depends on your determined security stance.

A possible compromise would be to have a default ACCEPT rule, but make ipcahains (or iptables) log all unusual ports. something like

ipchains -P output ACCEPT
ipchains -A output -p tcp -d 80:80 -j RETURN
ipchains -A output -p tcp -d 21:21 -j RETURN
ipchains -A output -d -l

this way you will still allow all ports out, but it will log anything that you specifically have not specified. If you run logcheck or something of the like(recommended) then you will know when something strange is happening almost immediately.


To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Eric N. Valor
Lutris Technologies

- This Space Intentionally Left Blank -

Reply to: