Greg's side note
eculp at bafirst.com
Mon Oct 9 07:36:41 PDT 2006
< snip >
> On a side note,
>
> The default block rule should match both ingress and egress traffic.
> A system cannot be deemed secure if it implicitly allows egress traffic to
> flow.
Makes sense, but I haven't done it due to an ignorance of which
unprivileged ports need to be enabled for things like Skype, IM, etc.
Does anyone have any recommendations as to where a list of ports used
by programs like the above can be found or a restricted range of ports
that has worked for you?
Thanks,
ed