Outbound ports to firewall?
Jason Dixon
jason at dixongroup.net
Fri Sep 24 14:10:47 UTC 2004
On Sep 24, 2004, at 10:05 AM, Lloyd H. Meinholz wrote:
> On a similar note, does it make any sense for me to limit outgoing ports
> on my workstation's firewall? We have some limits on our network firewall
> and I have no control over that. I'm having some issues getting my
> iptables rules working correctly on my workstation, especially samba (so
> I can print to our Windows print server) and am debating what I am
> actually accomplishing by filtering outgoing traffic from my
> workstation.
>
> Right now, I'm of the opinion that filtering outgoing ports from my
> workstation really only accomplishes reassuring myself that nothing that
> I don't know of is getting out of my box and that I'm learning
> iptables... :) If I were selling it I could say that I am trying to
> limit and contain any potential security breach to my workstation. Is
> there something else I'm missing?
The intent is good, but the theory is partially flawed in practice.
Imagine if you're rooted, what would stop the intruder from simply
rewriting your ruleset? Of course, this would still be a good idea to
stop potential userland applications from doing Bad Things (TM) that
you're unaware of.
--
Jason Dixon, RHCE
DixonGroup Consulting
http://www.dixongroup.net
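
The trade-off discussed in this thread, as an added example that is not part of either poster's message: a default-deny OUTPUT policy for a workstation that still allows SMB printing, plus a summary of logged drops per UID to surface userland programs trying to reach out. The print server address, the DNS/web allowances, the `egress-drop:` log prefix and the sample log lines are assumptions constructed for illustration. The rules constrain unprivileged processes only; anything running as root can flush them.

```shell
#!/bin/sh
# Added example. PRINT_SERVER is a placeholder address, not from the thread.
PRINT_SERVER="${PRINT_SERVER:-192.0.2.10}"

# Default-deny OUTPUT policy. With no argument the commands are only printed;
# run `egress_policy iptables` as root to apply them.
egress_policy() {
    ipt="${1:-echo iptables}"
    $ipt -F OUTPUT
    $ipt -A OUTPUT -o lo -j ACCEPT
    $ipt -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $ipt -A OUTPUT -p udp --dport 53 -j ACCEPT
    $ipt -A OUTPUT -p tcp --dport 53 -j ACCEPT
    # SMB over TCP to the Windows print server only
    $ipt -A OUTPUT -p tcp -d "$PRINT_SERVER" -m multiport --dports 139,445 -j ACCEPT
    # Assumed allowance for web browsing
    $ipt -A OUTPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
    # Log what is about to be dropped, with the UID that owns the socket
    $ipt -A OUTPUT -j LOG --log-prefix egress-drop: --log-uid
    $ipt -P OUTPUT DROP
}

# Count logged drops per "UID DPT" from kernel log lines on stdin.
drops_by_uid() {
    awk '/egress-drop:/ {
        uid = "?"; dpt = "?"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^UID=/) uid = substr($i, 5)
            if ($i ~ /^DPT=/) dpt = substr($i, 5)
        }
        n[uid " " dpt]++
    }
    END { for (k in n) print n[k], k }' | sort -k1,1nr -k2,2 -k3,3n
}

# Constructed sample log lines (not real captures).
sample_log() {
    cat <<'EOF'
Sep 24 10:01:02 ws kernel: egress-drop:IN= OUT=eth0 DST=198.51.100.7 PROTO=TCP SPT=40000 DPT=6667 UID=500 GID=500
Sep 24 10:01:05 ws kernel: egress-drop:IN= OUT=eth0 DST=198.51.100.7 PROTO=TCP SPT=40001 DPT=6667 UID=500 GID=500
Sep 24 10:02:11 ws kernel: egress-drop:IN= OUT=eth0 DST=203.0.113.9 PROTO=TCP SPT=40002 DPT=25 UID=0 GID=0
EOF
}

egress_policy                 # dry run: prints the iptables commands
sample_log | drops_by_uid     # columns: count, UID, destination port
```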