what filtering to do on the OUTPUT chain?

On Tue, Oct 22, 2002 at 09:03:54PM +0100, Antony Stone wrote:
> On Tuesday 22 October 2002 7:57 pm, Robert P. J. Day wrote:
> 
> >   I've had a number of people tell me that, while they put a good deal
> > of thought into their INPUT filtering, they simply ACCEPT all outgoing
> > traffic since, if their input filtering is working properly, there's no
> > reason to stop outgoing packets.
> 
> There's no reason to filter outgoing packets unless you don't trust the 
> applications running on your machine.

You shouldn't trust the applications running on your machine.

> If you don't trust what's running on your machine, then you should
> probably fix more than just what netfilter allows.

Yes, but netfilter is a good start :)

-- 
FunkyJesus System Administration Team



