On a similar note, does it make any sense for me to limit outgoing ports on my workstation's firewall? We have some limits on our network firewall, and I have no control over that. I'm having some issues getting my iptables rules working correctly on my workstation, especially Samba (so I can print to our Windows print server), and am debating what I am actually accomplishing by filtering outgoing traffic from my workstation.

Right now, I'm of the opinion that filtering outgoing ports from my workstation really only accomplishes reassuring myself that nothing that I don't know of is getting out of my box, and that I'm learning iptables... :) If I were selling it, I could say that I am trying to limit and contain any potential security breach to my workstation. Is there something else I'm missing?

Lloyd

On Fri, 2004-09-24 at 09:40, Jason Dixon wrote:
> On Sep 24, 2004, at 9:29 AM, Parker Morse wrote:
>
> > Like most people, I've put some effort into filtering incoming email
> > and firewalling my network to prevent nasties from getting in. But
> > recent discussion of preventing the spread of Windows worms, viruses,
> > etc. etc. has led me to a question I don't have an answer for.
> >
> > Let's assume, for a thought experiment, that one of the Windows boxen
> > inside my gateway firewall is infected with *something*, who knows
> > what. To protect the rest of the 'net from this little bundle of
> > pestilence in the time before I track it down and choke it to death, I
> > should probably have some firewall rules to keep the bulk of the
> > nastiness from leaving my network. Outbound rules.
> >
> > What ports should I consider closing up to keep hypothetical infected
> > inside my network from phoning home and/or spreading the infection?
>
> You don't. You block all by default, and only allow approved outbound
> traffic (via proxy or directly).
> Otherwise, you're constantly attempting to play catch-up with mutating
> (and new) undesired services. Here is an example list of approved
> outbound traffic from my (OpenBSD PF) ruleset:
>
> tcp_out_services="{ whois, ftp, http, https, ssh, pop3, pop3s, imap, imaps, smtp, bootps, 465, 1723, 1863, 3128, 5190, 6667, 55500 }"
> # 465 = SMTP/SSL
> # 1723 = PPTP
> # 1863 = MSN Messenger
> # 3128 = Squid
> # 5190 = AIM
> # 6667 = IRC
> # 55500 = PokiPoker
> udp_out_services="{ domain, bootps, ntp }"
>
> HTH.
>
> --
> Jason Dixon, RHCE
> DixonGroup Consulting
> http://www.dixongroup.net

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
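The allow-list approach from Jason's reply, carried over to iptables on the kind of workstation Lloyd describes, as an added example that is not part of the original thread or anyone's posted ruleset. Everything address-specific here is a hypothetical assumption: the Windows print server is 192.0.2.10, the LAN resolver is 192.0.2.53, and the LAN broadcast address is 192.0.2.255. The script only defines the rules; `show` prints the commands so you can review them, and `apply` runs them (as root). The Samba lines are the part Lloyd was fighting with: a Samba client printing to a Windows server needs TCP 445 (or 139) to the server, and, depending on how names are resolved, NetBIOS UDP 137/138, including broadcast name queries. The final LOG rule is what turns "reassuring myself nothing unknown is getting out" into something checkable, since every outbound attempt the allow-list does not cover shows up in the kernel log with the OUT-DROP: prefix.

```shell
#!/bin/sh
# Added example: default-deny OUTPUT chain for a Linux workstation, in the
# same allow-list style as the PF macros quoted above. Not from the thread.
#
# Assumed (hypothetical) addresses; override via environment:
PRINT_SERVER="${PRINT_SERVER:-192.0.2.10}"   # Windows print server (SMB)
DNS_SERVERS="${DNS_SERVERS:-192.0.2.53}"     # space-separated resolvers
LAN_BCAST="${LAN_BCAST:-192.0.2.255}"        # for NetBIOS name broadcasts
IPT="${IPT:-iptables}"

# Wrapper: with DRY_RUN=1 the command is printed instead of executed, so the
# rule set can be reviewed before it is loaded on a live box.
ipt() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$IPT $*"
    else
        "$IPT" "$@"
    fi
}

workstation_outbound_rules() {
    # Policy first, then rebuild the chain from scratch.
    ipt -P OUTPUT DROP
    ipt -F OUTPUT

    # Loopback and replies to already-accepted flows.
    ipt -A OUTPUT -o lo -j ACCEPT
    ipt -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Name resolution, but only to the resolvers we know about.
    for dns in $DNS_SERVERS; do
        ipt -A OUTPUT -p udp -d "$dns" --dport 53 -j ACCEPT
        ipt -A OUTPUT -p tcp -d "$dns" --dport 53 -j ACCEPT
    done

    # SMB/CIFS to the print server only: 445 (direct SMB) and 139 (NetBIOS
    # session service), plus NetBIOS name/datagram service on UDP 137/138.
    ipt -A OUTPUT -p tcp -d "$PRINT_SERVER" -m multiport --dports 139,445 -j ACCEPT
    ipt -A OUTPUT -p udp -d "$PRINT_SERVER" -m multiport --dports 137,138 -j ACCEPT
    # NetBIOS name queries are often sent as a subnet broadcast; allow that
    # one destination rather than UDP 137 to the world.
    ipt -A OUTPUT -p udp -d "$LAN_BCAST" --dport 137 -j ACCEPT

    # Ordinary user traffic: ssh, http, https, and ntp.
    ipt -A OUTPUT -p tcp -m multiport --dports 22,80,443 -j ACCEPT
    ipt -A OUTPUT -p udp --dport 123 -j ACCEPT

    # Anything else is logged (rate-limited) and then dropped by the policy.
    ipt -A OUTPUT -m limit --limit 5/min -j LOG --log-prefix "OUT-DROP: "
}

case "${1:-}" in
    show)  DRY_RUN=1; workstation_outbound_rules ;;
    apply) workstation_outbound_rules ;;
esac
```

Run `sh outbound.sh show` first and read the output; `apply` sets the DROP policy before the ACCEPT rules exist, so do it from the console (or with a cron job that flushes the chain a few minutes later) rather than over the ssh session you are about to cut off. This covers IPv4 only; an ip6tables chain with the same shape is needed if the box has IPv6 connectivity. When printing still fails, `dmesg | grep OUT-DROP` tells you exactly which destination and port Samba tried that the allow-list did not anticipate.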