Douglas Tutty wrote: > On Mon, Jan 08, 2007 at 10:35:10PM -0800, Paul Johnson wrote: >> James Stevenson wrote: >> >> >> If I understand the matter correctly, a firewall can protect only >> >> against incoming messages, and is useless against spyware which >> >> "phones home" or zombie-ware which spews email spam. >> > >> > Not totally correct. A firewall is only as good as the traffic that is >> > permitted to flow across it. If you want to block something from >> > phoning home then yes you can block outbound traffic as well. >> >> Blocking outbound traffic on specific ports is the advisable method. >> Wholesale blocking outbound traffic might make it interesting to get >> internet connectivity. > > I use shorewall with default block everything all directions then open > things up as needed.
I bet you have a rule someplace that allows outgoing traffic that's part of an existing connection. > The important thing is to read the great shorewall-doc. Indeed. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
