
Re: Firewall-troubleshooting



On 3 Jul 2005, Steve Kemp wrote:
> On Sat, Jul 02, 2005 at 04:46:29PM -0400, KC wrote:

[...]

> One thing did stand out though, you don't allow outgoing connections
> generally.  These lines:
>
>> iptables --policy OUTPUT DROP
>> iptables -t nat --policy OUTPUT DROP
>> iptables -t mangle --policy OUTPUT DROP
>
> They seem to say "no output except that which is explicitly allowed".
>
> For a big network I too would restrict outgoing connections, but for
> a home machine with only trusted hosts? It's an additional complication
> which doesn't gain you much.
>
> (Sure if you had a trojan which phoned home, or tried to compromise
> other hosts .. it would help.  But .. in general it is less useful than
> it appears).

...you mean, like every one of the increasingly popular remote control
trojans that infest Windows machines?

Alternately, the variety of IRC remote-controlled things that get
installed after some automated exploit of a hole in your Linux/Unix
machines?

Believe me, you *do* benefit from having this sort of protection for
a small home network -- in some cases, *more* than you do for large
organisations, since they often have rules to stop people doing (too
much) stupid stuff...

      Daniel

-- 
Nothing is more beautiful than the loveliness of the woods before sunrise.
        -- George Washington Carver
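An added example, not from the thread and not Steve's or Daniel's own configuration: the default-deny OUTPUT policy quoted above, written out with the explicit allows a home machine needs and a LOG rule before the drop, so that a trojan trying to phone home leaves a trace in the kernel log, plus a small parser that summarises those log lines. The interface name, LAN range, allowed ports, log prefix and sample log lines are all assumptions.

```shell
#!/bin/sh
# Added example (not the thread's own configuration): a default-deny OUTPUT
# policy with explicit allows and a LOG rule, plus a parser for the kernel
# log lines it produces. Interface, LAN range, ports and prefix are assumed.

IFACE=eth0                 # assumed external interface
LAN=192.168.1.0/24         # assumed local network
PREFIX="EGRESS-DROP "      # assumed log prefix (trailing space keeps fields apart)

# Print the rules rather than run them, so this works without root;
# pipe the output to sh to apply. Anything not matched below is logged,
# then dropped by the chain policy.
egress_rules() {
    cat <<EOF
iptables --policy OUTPUT DROP
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -o $IFACE -d $LAN -j ACCEPT
iptables -A OUTPUT -o $IFACE -p udp --dport 53 -j ACCEPT
iptables -A OUTPUT -o $IFACE -p tcp --dport 80 -j ACCEPT
iptables -A OUTPUT -o $IFACE -p tcp --dport 443 -j ACCEPT
iptables -A OUTPUT -m limit --limit 5/min -j LOG --log-prefix "$PREFIX"
EOF
}

# Constructed sample of the resulting syslog lines (fields abbreviated).
SAMPLE_LOG='Jul  3 10:15:01 host kernel: EGRESS-DROP IN= OUT=eth0 SRC=192.168.1.10 DST=203.0.113.5 PROTO=TCP SPT=40021 DPT=6667
Jul  3 10:15:31 host kernel: EGRESS-DROP IN= OUT=eth0 SRC=192.168.1.10 DST=203.0.113.5 PROTO=TCP SPT=40022 DPT=6667
Jul  3 10:16:02 host kernel: EGRESS-DROP IN= OUT=eth0 SRC=192.168.1.10 DST=198.51.100.7 PROTO=TCP SPT=40023 DPT=25'

# Summarise blocked egress on stdin as "count PROTO/DST:DPT", most frequent
# first; a destination that keeps reappearing is the phone-home to look at.
summarize_drops() {
    grep "$PREFIX" | awk '{
        for (i = 1; i <= NF; i++) {
            split($i, kv, "=")
            if (kv[1] == "DST")   dst = kv[2]
            if (kv[1] == "DPT")   dpt = kv[2]
            if (kv[1] == "PROTO") proto = kv[2]
        }
        n[proto "/" dst ":" dpt]++
    } END { for (k in n) print n[k], k }' | sort -rn
}

# Stand-alone usage: print the rule set, then the summary of the sample.
egress_rules
printf '%s\n' "$SAMPLE_LOG" | summarize_drops
```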