Hi all,

I am following Daniel Hartmeier's example pf.conf
[http://www.benzedrine.cx/pf.conf].

Something that I notice is that Daniel allows all outgoing TCP and UDP
traffic regardless of where it is going.

Question: Isn't this a bad thing? I would have thought it is best
practice to only allow incoming and outgoing connections
_explicitly_, the reason being that some OSes upload information to
base camp (Redmond) for statistical analysis.

I do something along the lines of:

pass out on $EXT_IF inet proto tcp from $INT_IF:network to any  \
port {80,443,22,21,20,6667} flags S/SA keep state

So in a nutshell, do most of you guys just allow all TCP/UDP traffic
out? Or is what I am currently doing better?

Cheers

 - Alex
