Outbound SSH problem
Ninneman, TJ
terry at twopeasinabucket.com
Sun Jun 26 15:30:13 GMT 2005
>Yes, RTFMP , with a default policy of block, there is no need for specific
>rules to stop things like outbound ssh traffic.
>
>Logging will tell you the rest.
Yes, I'm compromised or yes, I'm misreading the output? Like I said in my
original post, logging isn't telling me anything; just the daily security
run or /var/log/pf.today. While a default to deny policy will stop outbound
ssh, you'll notice in my ruleset that I am allowing everything out on this
server so that rule is necessary.
I just really would like to know if these outbound ssh packets are nothing
or if I have a problem on my hands.
Thanks for the help!
Terry J. Ninneman
More information about the freebsd-pf
mailing list