Date: Thu, 11 May 2006 07:28:01 -0400 From: Chuck Swiger <cswiger@mac.com> To: Mark Jayson Alvarez <jay2xra@yahoo.com> Cc: freebsd-questions@freebsd.org Subject: Re: Is it recommended to allow all outgoing connections from your firewall?? Message-ID: <44631FC1.4020603@mac.com> In-Reply-To: <20060511012211.12062.qmail@web51610.mail.yahoo.com> References: <20060511012211.12062.qmail@web51610.mail.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Mark Jayson Alvarez wrote: > I've seen most people allow all outgoing traffic > originating from the firewall itself... Is this really > recommended?? > No. It's highly desirable to perform egress filtering if possible, but many people lack the time or the detailed knowledge to determine what outbound ports that they really need to use. Simply blocking port 6667 can provide a lot of protection against botnets because ICC is so commonly used as the control channel. [ RFC-2196 recommends doing outbound packet-filtering. ] -- -Chuck
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44631FC1.4020603>