Amin Azez wrote:
> Quite so, but output filtering can also be applied to a
> firewall/router/bridge with no user accounts.

Definitely this is true. But why would you want to apply output filtering to a firewall, ..., without any user account? I can't see the point in this, if we are talking about general output filtering like having a DROP policy in OUTPUT. Only locally generated packets go through OUTPUT, and most likely you want this traffic (proxies, ...).

Given that there is no config error, if there is unwanted traffic on the box - let's say IRC - chances are best that the box is compromised, and as there is no user account, the intruder has root privileges. So he is perfectly able to circumvent any filtering. So, output filtering didn't help.

Of course there are good reasons for single OUTPUT rules - this list helped me to remember identd, which caused a response delay of about 30s - but this is not the general case.

Maybe I'm missing important views, but I can't see that output filtering makes sense.

Have a nice time,
Joerg