For better security: always "block all" or "block in all" is enough?

Spenst, Aleksej Aleksej.Spenst at harman.com
Wed Jul 28 19:06:29 UTC 2010


Hi All,

I have to provide for my system better security and I guess it would be better to start pf.conf with the "block all" rule, opening afterwards only those incoming and outgoing ports that are supposed to be used by the system on external interfaces. However, it would be easier for me to write all pf rules if I start pf.conf with "block in all", i.e. if I block only traffic coming in from the outside and open all ports for outgoing traffic.

- Incoming ports: only udp/68 (for dhcp client) and http/80 (for http server) always open;
- Outgoing ports: all ports always open. All traffic going outside from the system has "keep state";

What disadvantages does it have in terms of security in comparison with "block all"? In other words, how bad is it to have all outgoing ports always open, and can someone use this to hack the system?

Thanks a lot for any tips!!
Aleksej.
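For comparison, here is the setup described in the post written in the "block all" form, as an added example that is not part of the original message: default deny in both directions, with only the two listed incoming services and a short list of outgoing services passed with state. The interface name em0 and the particular outbound services (DHCP, DNS, NTP, HTTP/HTTPS, ping) are assumptions and would be adjusted to what the host actually needs.

```pf
# Added example, not from the original post. Assumptions: external interface
# is em0; the outbound services listed are the only ones the host needs.
ext_if = "em0"

set skip on lo0            # loopback traffic is not filtered
scrub in all               # normalise incoming packets (reassembly, etc.)

# Default deny in BOTH directions. Anything not explicitly passed below is
# dropped and logged, including connections a process on this host tries to
# open to the outside.
block log all

# Incoming: DHCP client replies (server port 67 -> client port 68)
pass in quick on $ext_if proto udp from any port 67 to any port 68
# Incoming: the web server
pass in on $ext_if proto tcp to ($ext_if) port 80 flags S/SA keep state

# Outgoing: only what the host needs, each with state so replies are allowed
pass out on $ext_if proto udp from any port 68 to any port 67          # DHCP requests
pass out on $ext_if proto { tcp, udp } to any port 53 keep state       # DNS
pass out on $ext_if proto udp to any port 123 keep state               # NTP
pass out on $ext_if proto tcp to any port { 80, 443 } keep state       # updates / package fetch
pass out on $ext_if inet proto icmp icmp-type echoreq keep state       # ping
```

The practical difference from "block in all" is the last section: with unrestricted egress, any process running on the host, including a compromised service such as the web server, can open connections anywhere, whereas this form drops and logs everything outside the listed services, so unexpected outbound traffic shows up in the pf log instead of leaving the host.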
