On Thu, Jan 05, 2006 at 09:34:08AM +0000, Dylan Smith wrote: > Secondly, if the box is mainly a web server, use 'pf' to egress filter. If > the machine should not be making outgoing connections to the Internet, block > all outgoing traffic.
Amen. Default deny both in and out works wonders
