Claude Morin wrote:
> Be aware that many modern apps (e.g. P2P, IM, etc.) try fairly hard to find
> some way out; many (most?) of them are able to tunnel across HTTP/HTTPS.
>
> In short, while the rules William lists are good, solid rules, they won't
> stop P2P or IM.
>
> -klode

You are absolutely correct. This is the reason I often recommend a proxy server.

The combination of squid (http://squid-cache.org) and Dan's Guardian (http://www.dansguardian.org) and a strict set of rules to only allow port 80/443 traffic from the proxy server allows for filtering, blocking etc. via Dan's Guardian. :)

It seems these days all these apps are set to fall back to just about any port (TCP or UDP) when their primary port is blocked. I've even seen some use port 53/UDP.

BTW (for the original poster): blocking everything also stops viruses/worms/trojans from opening back-doors to IRC channels etc...

I say block it all, and be careful what you allow out.

Sad to say, but you need to treat your internal (trusted??) machines as the enemy as much or more so than the external Internet at large. :)

- Bill Arlofski
waa dash m0n0wall at revpol dot com
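The egress policy Bill describes (default deny; LAN clients may only reach the proxy and the internal resolver; only the proxy host may reach TCP 80/443), written out as a small first-match rule evaluator and run over a handful of flow records. This is an added illustration, not part of the message above and not m0n0wall or squid configuration; the addresses, port numbers (3128 for squid, 53 for DNS) and the flow lines are constructed for the example.

```python
"""Default-deny egress policy with a proxy-only allow list (illustrative)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed addresses for the example (assumptions, not from the post).
LAN = ip_network("192.168.1.0/24")
PROXY = ip_network("192.168.1.10/32")     # assumed squid + DansGuardian host
RESOLVER = ip_network("192.168.1.1/32")   # assumed internal DNS (the firewall)
ANY = ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Rule:
    action: str        # "allow" or "deny"
    src: object        # ip_network the source must fall in
    dst: object        # ip_network the destination must fall in
    proto: str         # "tcp", "udp" or "any"
    dports: frozenset  # destination ports matched; empty = any port

    def matches(self, src, dst, proto, dport):
        return (src in self.src and dst in self.dst
                and self.proto in ("any", proto)
                and (not self.dports or dport in self.dports))


# First match wins; anything that matches nothing hits the default deny.
RULES = [
    Rule("allow", LAN, PROXY, "tcp", frozenset({3128})),     # clients -> proxy
    Rule("allow", LAN, RESOLVER, "udp", frozenset({53})),    # clients -> internal DNS
    Rule("allow", LAN, RESOLVER, "tcp", frozenset({53})),
    Rule("allow", PROXY, ANY, "tcp", frozenset({80, 443})),  # only the proxy goes out
]
DEFAULT = "deny"


def evaluate(src, dst, proto, dport, rules=RULES):
    """Decide a single outbound flow against the ordered rule list."""
    src, dst = ip_address(src), ip_address(dst)
    for rule in rules:
        if rule.matches(src, dst, proto, dport):
            return rule.action
    return DEFAULT


# Constructed flow records: src dst proto dport description
FLOWS = """\
192.168.1.20 192.168.1.10 tcp 3128 browser to proxy
192.168.1.10 203.0.113.5 tcp 443 proxy fetching an https site
192.168.1.20 203.0.113.5 tcp 443 IM client falling back to 443, bypassing proxy
192.168.1.20 192.168.1.1 udp 53 normal dns lookup to internal resolver
192.168.1.20 198.51.100.7 udp 53 p2p client tunnelling over 53/udp to the internet
192.168.1.30 198.51.100.9 tcp 6667 trojan connecting out to irc
192.168.1.30 198.51.100.9 tcp 80 trojan falling back to port 80
"""


def audit(text, rules=RULES):
    """Return [(description, decision)] for each non-empty flow line."""
    out = []
    for line in text.splitlines():
        if not line.strip():
            continue
        src, dst, proto, dport, desc = line.split(maxsplit=4)
        out.append((desc, evaluate(src, dst, proto, int(dport), rules)))
    return out


if __name__ == "__main__":
    for desc, decision in audit(FLOWS):
        print(f"{decision:5s}  {desc}")
```

The per-source restriction is the part that matters: the IM client retrying on 443 and the trojan retrying on 80 are still denied because neither host is the proxy. Traffic that does go through the proxy on 3128 is, as the message says, the proxy's job to filter.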