Tobias DiPasquale on 10 Dec 2004 17:05:11 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Dec 10, 2004, at 11:59 AM, Doug Crompton wrote:

> OK we talked about incoming ports, which you basically shut down except for

Generally, for security reasons (and being a good netizen), you want to drop all outgoing traffic that's not explicitly allowed. Open outgoing ports that you need for critical services and that's it.

In Linux, you can set the OUTPUT chain's policy to DROP and then make the first rule an ACCEPT on -m state --state RELATED,ESTABLISHED. You should mirror that in the INPUT and FORWARD chains. Underneath those first ACCEPT rules you would accept whatever other traffic you wanted to come in, be forwarded or go out (in INPUT, FORWARD and OUTPUT, resp.).

I will say that most people do just leave the OUTPUT chain's policy to ACCEPT and never touch it, but this leaves them open to blasting out attacks against other networks when internal machines get zombied.

- --
Tobias DiPasquale
7A79 308C 0354 EA9C 7807 ED83 03C9 9E01 148E 7D01

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (Darwin)

iD8DBQFBudc5A8meARSOfQERApeqAJ0cCCqLsBaa5VsKsuTWIuuIY9zG6gCbBEW9
6pSLWv5X/+JqSzzJXFlCNFk=
=PaQk
-----END PGP SIGNATURE-----

___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
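The policy described in the message above, as an added example written for this page and not Tobias's own rules: a POSIX shell script that generates an iptables-restore ruleset with a DROP policy on INPUT, FORWARD and OUTPUT, the RELATED,ESTABLISHED ACCEPT as the first rule in each chain, and explicit allowances only for a few assumed services (SSH in; DNS, NTP, HTTP/HTTPS and SMTP out). It also includes an audit function that checks any iptables-save dump for those two properties, and a weak_ruleset function that reproduces the common "leave OUTPUT at ACCEPT" default so the audit can be seen flagging it. The port lists and all function names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the original message). Generates and audits an
# iptables-restore ruleset for the egress-filtering policy described above.
# Port lists are assumptions; override them through the environment.
ALLOWED_IN_TCP="${ALLOWED_IN_TCP:-22}"             # assumed: SSH in
ALLOWED_OUT_TCP="${ALLOWED_OUT_TCP:-80 443 25}"    # assumed: HTTP, HTTPS, SMTP out
ALLOWED_OUT_UDP="${ALLOWED_OUT_UDP:-53 123}"       # assumed: DNS, NTP out

# Print a filter-table ruleset to stdout: default DROP everywhere, the
# RELATED,ESTABLISHED accept first in every chain, then explicit allowances.
gen_ruleset() {
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT DROP [0:0]'
    # First rule in each chain: replies to already-accepted connections pass.
    for chain in INPUT FORWARD OUTPUT; do
        echo "-A $chain -m state --state RELATED,ESTABLISHED -j ACCEPT"
    done
    # Loopback is needed by many local services.
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A OUTPUT -o lo -j ACCEPT'
    # New incoming connections only to the services this host offers.
    for p in $ALLOWED_IN_TCP; do
        echo "-A INPUT -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    # New outgoing connections only to listed services; anything else hits the
    # OUTPUT DROP policy, which is what contains a compromised internal host.
    for p in $ALLOWED_OUT_TCP; do
        echo "-A OUTPUT -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    for p in $ALLOWED_OUT_UDP; do
        echo "-A OUTPUT -p udp --dport $p -m state --state NEW -j ACCEPT"
    done
    # Log (rate-limited) what OUTPUT is about to drop, so a zombied machine
    # trying to reach out shows up in the logs instead of failing silently.
    echo '-A OUTPUT -m limit --limit 5/min -j LOG --log-prefix "OUTPUT-DROP: "'
    echo 'COMMIT'
}

# The common default the message warns about: inbound locked down, OUTPUT
# left at ACCEPT with no rules at all.
weak_ruleset() {
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT'
    echo '-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT'
    echo 'COMMIT'
}

# Audit an iptables-save style dump on stdin: each filter chain must default
# to DROP and its first rule must be the RELATED,ESTABLISHED accept. Prints
# one line per failing check; returns 0 only when all three chains pass.
audit_ruleset() {
    rules=$(cat)
    status=0
    for chain in INPUT FORWARD OUTPUT; do
        policy=$(printf '%s\n' "$rules" | sed -n "s/^:$chain \([A-Z]*\) .*/\1/p")
        first=$(printf '%s\n' "$rules" | grep -- "^-A $chain " | head -n 1)
        if [ "$policy" != "DROP" ]; then
            echo "$chain: policy is ${policy:-unset}, expected DROP"
            status=1
        fi
        case "$first" in
            *"--state RELATED,ESTABLISHED -j ACCEPT") ;;
            *) echo "$chain: first rule is not the RELATED,ESTABLISHED accept"
               status=1 ;;
        esac
    done
    return $status
}

# Number of rules that let a new outgoing TCP connection through.
count_out_tcp_rules() { gen_ruleset | grep -c -- '^-A OUTPUT -p tcp'; }

# Preview:            gen_ruleset
# Apply (as root):    gen_ruleset | iptables-restore
# Audit a live host:  iptables-save | audit_ruleset
```

The audit is the check worth keeping around: running `iptables-save | audit_ruleset` on a host reports any chain still at ACCEPT, or one where a broad rule was inserted above the RELATED,ESTABLISHED accept, which is the usual way the intended policy erodes over time.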