I have a problem with several users on our network.
The firewall settings are the following:
reject all traffic (incoming, outgoing, forward)
accept several ports.
I don't want them to surf the web so I closed port 80 for all sites except
some (for instance some business related sites).
Now some wiseguys found out that all the reply ports are open
(1023-65535) and they use anonymous proxies around the world.
I closed port 3128 and 8080 (most common). But now they use random ports
with a port-redirector I guess at several boxes outside the company.
I wondered if there is a better ruleset than allowing all high ports.