
Re: How to tell if a Linux machine is a zombie?



Douglas Tutty wrote:

> On Tue, Jan 09, 2007 at 11:23:56AM -0800, Paul Johnson wrote:
>
>> Douglas Tutty wrote:
>>
>> > I use shorewall with default block everything all directions then open
>> > things up as needed.
>> 
>> I bet you have a rule someplace that allows outgoing traffic that's part
>> of an existing connection.
> 
> Not that I specifically put in.  I __think__ that's part of the
> netfilter stuff directly. I just checked my shorewall configs and 
> there's nothing there allowing anything from the net and very specific
> stuff out.

I think shorewall assumes that you don't really want to block /all/ outbound
traffic and does the right thing, then.



