Re: ever block *outgoing* packets on your firewall?

It will have no effect on TCP traffic, but it can be a real mess with
UDP traffic.


On Sat, 15 Jan 2005 21:12:04 -0800, Gary W. Smith <gary@xxxxxxxxxxxxxxx> wrote:
> It's also key to stopping many of the Code Red and SQL Slammer type viruses.  If SQL outgoing ports had been closed on most firewalls, that would have slowed it down quickly.
> 
> Gary
> 
> -----Original Message-----
> From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx [mailto:netfilter-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Jose Maria Lopez
> Sent: Saturday, January 15, 2005 2:20 PM
> To: netfilter@xxxxxxxxxxxxxxxxxxx
> Subject: Re: ever block *outgoing* packets on your firewall?
> 
> On Fri, 14 Jan 2005 at 21:02, seberino@xxxxxxxxxxxxxxx wrote:
> > I'm wondering if it is ever necessary to block
> > *outgoing* packets at your firewall.
> >
> > As long as you block /incoming/ carefully no hacker
> > on the Internet can send spam through a node on
> > your network or anything nasty like that right?
> >
> > (I'm wondering for a wifi hotspot if any nastiness
> > will happen if I don't block outgoing.  I block
> > virtually all incoming except ssh.)
> >
> > CS
> 
> You *really* need to block outgoing traffic at your firewall.
> Think about spyware, malware and the like. They can be sending
> your company data to their owners. And users can use firewall-piercing
> and proxies to bypass your network rules if you let them do whatever
> they want.
> 
> --
> Jose Maria Lopez Hernandez
> Technical Director of bgSEC
> jkerouac@xxxxxxxxx
> bgSEC Seguridad y Consultoria de Sistemas Informaticos
> http://www.bgsec.com
> SPAIN
> 
> The only people for me are the mad ones -- the ones who are mad to live,
> mad to talk, mad to be saved, desirous of everything at the same time,
> the ones who never yawn or say a commonplace thing, but burn, burn, burn
> like fabulous yellow Roman candles.
>                 -- Jack Kerouac, "On the Road"
> 
> 


-- 
cheers
Ashish
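
The egress policy discussed in this thread, as an added example that is not part of any poster's message: a default-deny FORWARD policy for a gateway in front of hotspot clients, with outbound SMTP and MS SQL ports logged and dropped ahead of the allow list. The interface names, the `EGRESS` chain name, the allowed-port list and the port numbers 25/tcp, 1433/tcp and 1434/udp are assumptions; the thread itself names no ports.

```shell
#!/bin/sh
# Added example (not from the thread): default-deny egress filtering on a
# gateway that forwards hotspot clients to the Internet.
# Assumptions: interface names, allowed-port list, EGRESS chain name, and the
# blocked ports 25/tcp, 1433/tcp, 1434/udp (the thread names no port numbers).
# Dry run: IPT="echo iptables" prints the commands instead of applying them.
IPT=${IPT:-iptables}

# log_drop PROTO PORT TAG: log a new outbound flow, then drop it.
log_drop() {
    $IPT -A EGRESS -p "$1" --dport "$2" -j LOG --log-prefix "egress-$3: "
    $IPT -A EGRESS -p "$1" --dport "$2" -j DROP
}

# apply_egress LAN_IF WAN_IF [ALLOWED_TCP_PORTS]
apply_egress() {
    lan_if=$1
    wan_if=$2
    allowed_tcp=${3:-80,443}

    # Forwarded traffic is denied unless a rule below accepts it.
    $IPT -P FORWARD DROP
    $IPT -N EGRESS
    # Replies to flows that were already permitted.
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # New flows from clients toward the Internet are judged in EGRESS.
    $IPT -A FORWARD -i "$lan_if" -o "$wan_if" -m conntrack --ctstate NEW -j EGRESS

    # Explicit log-and-drop rules come first so that a later change to the
    # allow list cannot re-open them; the log lines also flag infected clients.
    log_drop tcp 25 smtp      # direct-to-MX mail from clients (spam)
    log_drop tcp 1433 mssql   # MS SQL Server
    log_drop udp 1434 mssql   # MS SQL resolution service (Slammer)

    # What clients may reach: DNS plus the listed TCP ports.
    $IPT -A EGRESS -p udp --dport 53 -j ACCEPT
    $IPT -A EGRESS -p tcp --dport 53 -j ACCEPT
    $IPT -A EGRESS -p tcp -m multiport --dports "$allowed_tcp" -j ACCEPT

    # Everything else: rate-limited log entry, then drop.
    $IPT -A EGRESS -m limit --limit 6/min -j LOG --log-prefix "egress-drop: "
    $IPT -A EGRESS -j DROP
}
```

Applying the rules for real needs root and a call such as `apply_egress wlan0 eth0`; `iptables -N EGRESS` reports an error if the chain already exists from an earlier run.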


