On 17:47, Mon 25 Apr 05, alex wilkinson wrote:
> Hi all,
>
> I am following daniel hartmeier's example pf.conf
> [http://www.benzedrine.cx/pf.conf].
>
> Something that I notice is that daniel allows all outgoing TCP and UDP
> traffic regardless of where it is going.
>
> Question: Isn't this a bad thing? I would have thought it is best
> practice to only allow incoming and outgoing connections
> _explicitly_. With the reason being some OS upload information to
> base camp (redmond) for statistical analysis.
>
> I do something along the lines of:
>
> pass out on $EXT_IF inet proto tcp from $INT_IF:network to any \
>     port {80,443,22,21,20,6667} flags S/SA keep state

This will also allow the upload of info from windows update.
The connection to port 80 will create state and the stats upload is simply a hidden form posted to $random_ms_server.

> So in a nutshell, do most of you guys just allow all TCP/UDP traffic
> out? Or is what I am currently doing better?

99% of the time it is enough to filter incoming traffic and allow outgoing.

> Cheers
>
> - Alex

--
Michiel van Baak
http://lunteren.vanbaak.info
[EMAIL PROTECTED]
GnuPG key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x7E0B9A2D
"Two of the most famous products of Berkeley are LSD and BSD. I don't think that this is a coincidence."
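As an added illustration of the two egress policies contrasted in this thread (it is not from the thread or from the referenced pf.conf): a pf.conf fragment in the same pre-4.7 syntax as Alex's rule, with the permissive "pass everything out" line shown commented out beside an explicit, logged egress policy. Interface names, the network, the port lists and the absence of NAT are assumptions.

```pf
# Added example, not from the thread or from Daniel Hartmeier's pf.conf.
# Assumed names: fxp0 faces the Internet, xl0 faces the LAN.
ext_if = "fxp0"
int_if = "xl0"
lan    = $int_if:network

# Assumed list of services the LAN is permitted to reach outside.
# Everything not listed here is denied and logged.
egress_tcp = "{ 20, 21, 22, 80, 443, 6667 }"
egress_udp = "{ 53, 123 }"

set skip on lo

# Default policy: deny and log in both directions. Outbound attempts to
# unlisted ports then appear in pflog and can be reviewed with
#   tcpdump -n -e -ttt -i pflog0
block log all

# Permissive variant, as in the example config the thread discusses:
# every TCP/UDP connection from anywhere may leave. Kept for comparison.
# pass out on $ext_if proto { tcp udp } from any to any keep state

# Explicit egress: only the listed ports, stateful, matching on the
# initial SYN. Assumes a routed LAN without NAT on $ext_if; with nat
# rules on this pf version, outbound filtering sees the translated
# source address, so match on ($ext_if) instead of $lan.
pass out on $ext_if inet proto tcp from $lan to any \
    port $egress_tcp flags S/SA keep state
pass out on $ext_if inet proto udp from $lan to any \
    port $egress_udp keep state

# Inbound: only what is explicitly published, here SSH to the firewall.
pass in on $ext_if inet proto tcp from any to ($ext_if) \
    port 22 flags S/SA keep state
```

As the reply notes, the explicit policy still admits anything carried over ports 80 and 443; a port list limits which services can be reached, not what is sent through them.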