Martin DiViaio on 11 Dec 2004 21:07:02 -0000

> Generally, for security reasons (and being a good netizen), you want to
> drop all outgoing traffic that's not explicitly allowed. Open outgoing
> ports that you need for critical services and that's it. In Linux, you
> can set the OUTPUT chain's policy to DROP and then make the first rule
> an ACCEPT on -m state --state RELATED,ESTABLISHED. You should mirror
> that in the INPUT and FORWARD chains. Underneath those first ACCEPT
> rules you would accept whatever other traffic you wanted to come in, be
> forwarded or go out (in INPUT, FORWARD and OUTPUT, resp.).

Be careful here. I've seen hack attempts that set the RELATED and/or ESTABLISHED bits on a packet to bypass a firewall. The only thing that saved me was that the server being attacked had its own firewall that had all of its allowed traffic explicitly defined.

I think that iptables supports internal connection tracking, which is an alternative to the --state check but is probably much more RAM intensive.

___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
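The ruleset the quoted advice describes, as an added example that is not part of the original thread: it prints a default-deny iptables configuration with the RELATED,ESTABLISHED ACCEPT ahead of everything else in each chain, then only explicitly listed services (the port lists are assumed sample values), with a rate-limited LOG rule so dropped traffic is visible in syslog. Review the output first, then pipe it to a root shell to apply it.

```shell
#!/bin/sh
# Added example, not from the original thread. Rules are printed rather
# than applied so they can be reviewed; `./rules.sh | sudo sh` applies them.
IPT=iptables

# Print one iptables command line.
rule() { printf '%s %s\n' "$IPT" "$*"; }

# Explicitly allowed services (constructed sample values, adjust per host).
IN_TCP_PORTS="22 80 443"    # services this host offers
OUT_TCP_PORTS="53 80 443"   # services this host may open to the outside
OUT_UDP_PORTS="53 123"

gen_rules() {
    rule -F
    # Default policy DROP on all three built-in chains.
    for chain in INPUT FORWARD OUTPUT; do
        rule -P "$chain" DROP
    done
    rule -A INPUT -i lo -j ACCEPT
    rule -A OUTPUT -o lo -j ACCEPT
    # Replies to tracked connections are accepted before any service rule.
    for chain in INPUT FORWARD OUTPUT; do
        rule -A "$chain" -m state --state RELATED,ESTABLISHED -j ACCEPT
    done
    # Only explicitly listed services may open NEW tracked connections.
    for p in $IN_TCP_PORTS; do
        rule -A INPUT -p tcp --dport "$p" -m state --state NEW -j ACCEPT
    done
    for p in $OUT_TCP_PORTS; do
        rule -A OUTPUT -p tcp --dport "$p" -m state --state NEW -j ACCEPT
    done
    for p in $OUT_UDP_PORTS; do
        rule -A OUTPUT -p udp --dport "$p" -m state --state NEW -j ACCEPT
    done
    # Log what falls through to the DROP policy, rate limited.
    for chain in INPUT FORWARD OUTPUT; do
        rule -A "$chain" -m limit --limit 5/min -j LOG --log-prefix "$chain-drop:"
    done
}

# Sanity check: in a chain, the RELATED,ESTABLISHED rule precedes any NEW rule.
state_before_new() {
    s=$(gen_rules | grep -n "^$IPT -A $1 .*RELATED,ESTABLISHED" | cut -d: -f1 | head -n 1)
    n=$(gen_rules | grep -n "^$IPT -A $1 .*--state NEW" | cut -d: -f1 | head -n 1)
    [ -n "$s" ] && [ -n "$n" ] && [ "$s" -lt "$n" ]
}

[ "${1:-}" = "--check" ] && { state_before_new INPUT && state_before_new OUTPUT && echo "order ok"; exit $?; }
gen_rules
```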