Mailing List Archive

   tlug.jp -> Mailing List -> tlug archive -> tlug Mailing List Archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tlug] iptables - Tools for easy configuration

On Mon, 2 Jul 2007, Stephen J. Turnbull wrote:

As to why you won't find much on this ....  Thing is, in general you
trust the people *inside* the firewall.


Not at all. Keep in mind, some of the people inside your firewall are
guys from some foreign country who happened to be able to take over a
machine there.

Blocking outbound packets that claim that they're not from internal
networks is a good thing. After that, there's a lot you can do. (I note
that most ISPs in Japan are now blocking outbound port 25 on consumer
connections which, as much as it causes me pain, it's a policy with
which I have to admit I grudgingly approve.)

Oh, yeah, I guess I should say, I trust the *people* inside the
firewall, but not the hosts they use.

cjs
--
Curt Sampson       <cjs@example.com>        +81 90 7737 2974
Mobile sites and software consulting: http://www.starling-software.com

Home | Main Index | Thread Index

Home Page Mailing List Linux and Japan TLUG Members Links