ipfilter outgoing
Erik Norgaard
norgaard at locolomo.org
Sun Feb 13 14:46:12 GMT 2005
dick hoogendijk wrote:
> It's difficult to program all outgoing filter rules in ipf. Every now
> and then I bumb into a blocked connection that I did want to work in the
> first place. Only because an outgoing port was/is blocked.
>
> What is the most secure way to do things? Block all outgoing and open up
> what I wnat or can I use i.e. the next rule in a safe way:
>
> ### pass out quick proto tcp/udp from any to any keep state keep frags
>
> Any help or suggestions are appreciated. Yes I did read all the ipf help
> files but it dazzles me.
What are you protecting against? If you are the only user, and you trust
your self, and you can assume that your system has not been compromised,
then all outgoing connections are legitimate.
Usually you filter incoming connections. Filtering outgoing has the
effect of limiting the spread of a posible compromise or abuse by
non-privileged users.
If you want to restrict outgoing, then allow anything below port 1024 -
if this is too much then read /etc/services. Above 1024 are all the
non-standard services, kazaa, skype, X, mysql and other stuff.
Beware, that cvsup connects to port 5999, and passive ftp-data connects
to some port > 1024 depending on server config (however I think default
is/should be > 49151).
Cheers, Erik
--
Ph: +34.666334818 web: http://www.locolomo.org
S/MIME Certificate: http://www.locolomo.org/crt/2004071206.crt
Subject ID: A9:76:7A:ED:06:95:2B:8D:48:97:CE:F2:3F:42:C8:F2:22:DE:4C:B9
Fingerprint: 4A:E8:63:38:46:F6:9A:5D:B4:DC:29:41:3F:62:D3:0A:73:25:67:C2
More information about the freebsd-questions
mailing list