From: Paul Hartman
Date: Sat, 20 Aug 2011 17:41:00 -0500
Subject: Re: [gentoo-user] Do you block outbound ports?
To: gentoo-user@lists.gentoo.org

On Sat, Aug 20, 2011 at 12:38 PM, Grant wrote:
> I like the policy of blocking all ports in and out with a firewall and
> only opening the ones you need.  Bittorrent makes that difficult since
> it connects out to unpredictable ports.  Do you block outbound ports
> with a firewall or only inbound?

I don't block anything outbound, but my ISP does (mostly MS-stuff that I don't care about). I do, however, occasionally block all outgoing just to see what the logs show, so I'm aware of what's happening. But I don't actively monitor that outbound traffic.

I block everything inbound and only open what's specifically needed. I use denyhosts and fail2ban to block bad guys from all ports.
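
An added example, not part of the original message: one way to review what the logs show after temporarily blocking all outgoing traffic, by counting blocked packets per protocol, destination and port. It assumes the block is logged by an iptables LOG rule with the hypothetical prefix `OUT-BLOCK: `; the sample log lines are constructed.

```python
import re
from collections import Counter

PREFIX = "OUT-BLOCK: "  # hypothetical --log-prefix on the temporary OUTPUT LOG rule

# Constructed sample lines (documentation IP ranges), netfilter LOG format.
SAMPLE_LOG = """\
Aug 20 17:02:11 host kernel: OUT-BLOCK: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4711 DF PROTO=TCP SPT=51514 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0
Aug 20 17:02:14 host kernel: OUT-BLOCK: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4712 DF PROTO=TCP SPT=51514 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0
Aug 20 17:02:15 host kernel: OUT-BLOCK: IN= OUT=eth0 SRC=192.0.2.10 DST=192.0.2.53 LEN=71 TOS=0x00 PREC=0x00 TTL=64 ID=9021 DF PROTO=UDP SPT=40212 DPT=53 LEN=51
Aug 20 17:02:20 host sshd[2211]: Failed password for invalid user test from 203.0.113.5 port 4022 ssh2
Aug 20 17:03:01 host kernel: OUT-BLOCK: IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.9 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=3201 SEQ=1
Aug 20 17:03:40 host kernel: OUT-BLOCK: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.99 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=5120 DF PROTO=TCP SPT=38110 DPT=51413 WINDOW=14600 RES=0x00 SYN URGP=0
"""

FIELD = re.compile(r"(\w+)=(\S*)")  # KEY=VALUE pairs; VALUE may be empty (e.g. "IN=")


def parse_line(line, prefix=PREFIX):
    """Return the KEY=VALUE fields of an outbound LOG line, or None if not one."""
    _, found, rest = line.partition(prefix)
    if not found:
        return None  # unrelated syslog line (sshd, cron, ...)
    fields = dict(FIELD.findall(rest))
    # Locally generated outbound packets have an empty IN= and a set OUT=.
    if fields.get("IN") or not fields.get("OUT"):
        return None
    return fields


def summarize(log_text):
    """Count blocked outbound packets per (protocol, destination, dest port)."""
    counts = Counter()
    for line in log_text.splitlines():
        fields = parse_line(line)
        if fields is None or "DST" not in fields:
            continue
        # ICMP entries carry TYPE/CODE instead of a destination port.
        dport = int(fields["DPT"]) if "DPT" in fields else None
        counts[(fields.get("PROTO"), fields["DST"], dport)] += 1
    return counts


if __name__ == "__main__":
    for (proto, dst, dport), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {proto:<4} {dst}:{dport if dport is not None else '-'}")
```
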