Mark Jayson Alvarez wrote:
I've seen most people allow all outgoing traffic
originating from the firewall itself... Is this really
recommended??
No. It's highly desirable to perform egress filtering if possible, but
many people lack the time or the detailed knowledge to determine what
outbound ports that they really need to use. Simply blocking port 6667
can provide a lot of protection against botnets because ICC is so
commonly used as the control channel.
[ RFC-2196 recommends doing outbound packet-filtering. ]
--
-Chuck
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
