It's difficult to program all outgoing filter rules in ipf. Every now and then I bumb into a blocked connection that I did want to work in the first place. Only because an outgoing port was/is blocked.
What is the most secure way to do things? Block all outgoing and open up what I wnat or can I use i.e. the next rule in a safe way:
### pass out quick proto tcp/udp from any to any keep state keep frags
Any help or suggestions are appreciated. Yes I did read all the ipf help files but it dazzles me.
What are you protecting against? If you are the only user, and you trust your self, and you can assume that your system has not been compromised, then all outgoing connections are legitimate.
Usually you filter incoming connections. Filtering outgoing has the effect of limiting the spread of a posible compromise or abuse by non-privileged users.
If you want to restrict outgoing, then allow anything below port 1024 - if this is too much then read /etc/services. Above 1024 are all the non-standard services, kazaa, skype, X, mysql and other stuff.
Beware, that cvsup connects to port 5999, and passive ftp-data connects to some port > 1024 depending on server config (however I think default is/should be > 49151).
Cheers, Erik -- Ph: +34.666334818 web: http://www.locolomo.org S/MIME Certificate: http://www.locolomo.org/crt/2004071206.crt Subject ID: A9:76:7A:ED:06:95:2B:8D:48:97:CE:F2:3F:42:C8:F2:22:DE:4C:B9 Fingerprint: 4A:E8:63:38:46:F6:9A:5D:B4:DC:29:41:3F:62:D3:0A:73:25:67:C2 _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
