Outbound ports to firewall?
Jason Dixon
jason at dixongroup.net
Fri Sep 24 14:06:02 UTC 2004
On Sep 24, 2004, at 9:57 AM, Jason Staudenmayer wrote:
> Better yet do what I do and point every system to a dead-end and only
> allow
> restricted proxy access to the web.
How is that "better" than what I suggested? You block all by default
and only allow "trusted" traffic. If there is a proxy, of course you
should use it (as I already said). Otherwise, if it's a necessary
requirement of normal day-to-day activities, than you allow it
statefully.
If you're in an environment where the only necessary outbound services
are proxy-capable, more power to you. I guarantee you you're in the
extreme minority.
--
Jason Dixon, RHCE
DixonGroup Consulting
http://www.dixongroup.net
More information about the redhat-list
mailing list