From: Martin Feeney (martin at domain tuatha.org)
Date: Fri 28 Jul 2000 - 10:45:27 IST
On 28 Jul 00, at 9:21, Philip Reynolds wrote:
> It's the most secure method, but not neccessarily the handiest. It's as long
> as it as short, you've also got to open up every little port you're using if
> you DENY everything.
But, you don't just "throw together" a firewall. They have to have some
planning. The most secure (and in fact it probably is the handiest) is
default to DENY, then allow all your internal machines outgoing access.
If you need incoming it's only one rule per port. There are 65536
possible ports (TCP and UDP) giving 131072 different port/protocol
combinations most of which you would have to specifically deny otherwise.
This archive was generated by hypermail 2.1.6 : Thu 06 Feb 2003 - 13:07:01 GMT