> I've seen most people allow all outgoing traffic > originating from the firewall itself... Is this really > recommended?? What if the machine have been
A server being a server (and a firewall is nothing but a specific server) there is no reason one would run a client application from that machine. So I deny every outgoing connection from a server (only exceptions are the protocols used by the server to upgrade itself, http/ftp is allowd only through a proxy). This makes very little constraint and I make the server much safer knowing that one will not be able to read his mail or browse the web from that server. Best regards, Olivier _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
