Mailing List Archive



[tlug] iptables - Tools for easy configuration



Amy & Don Johnson writes:

 > If someone is willing to do a talk about iptables, I would like to hear 
 > specifics about setting up *outbound* chains in the filter table. There 
 > is a lot on the web about setting up inbound rules, but I haven't found 
 > anything good about setting up outbound rules.

Why would you want to do that?  Keep your kids off IRC and pr0n sites?
(Honest question; such rule sets will be really application-specific.)

As to why you won't find much on this ....  Thing is, in general you
trust the people *inside* the firewall.  To the extent that you don't
trust them you're generally more interested in content filters, e.g.
spam filters in case one of the PCs on your net gets zombified.
Because of course you do want people to be able to send legit mail!

Of course, you can limit your kids' PCs to the Disney site and their
schools' home pages, but that will get tedious rapidly.  And in
general it's much harder to set up plausible rules for inside going
out than the other way around.  12- and 13-year-olds can learn to set
up tunnels and proxies for their friends; you'll need to think about
much more complex rule sets to prevent that.




