> What types of traffic are you blocking from a business perspective? I
> am just curious about what traffic I might want to block in the LAN
> outbound direction, i.e. P2P, IM, 445 ports.

For the purpose for which we are using/testing m0n0, we are only allowing:
80/443 ('web' and 'secure web')
465/993/995 ('SSL mail protocols')
...and of those, only the required TCP or UDP port.

However, as m0n0 has NO IDEA AT ALL about what the traffic really is
(no packet inspection), anyone with more than half a clue could simply
run whatever they wanted through those open ports.

Such traffic, with our current setup, is actually trapped by a few more boxes
further along the network (and detected with Snort etc.).
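
An added example, not part of the original message and not m0n0 or Snort code: it contrasts the port-only decision described above with a first-bytes protocol sanity check of the kind a downstream inspection box can apply. Treating all five ports as TCP-only, the function names and the sample payloads are assumptions made for illustration.

```python
# Port-only egress filtering vs. a first-bytes protocol sanity check.
# Allow-list = the ports named in the message (TCP-only is an assumption).
ALLOWED_TCP = {80: "http", 443: "tls", 465: "tls", 993: "tls", 995: "tls"}

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"CONNECT ", b"PATCH ", b"TRACE ")


def port_filter(proto, dport):
    """All a port-based rule set sees: protocol and destination port."""
    return proto == "tcp" and dport in ALLOWED_TCP


def looks_like_tls(payload):
    """TLS record header: type 0x16 (handshake), major version 0x03,
    then handshake type 0x01 (ClientHello) at offset 5."""
    return (len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03
            and payload[2] <= 0x04 and payload[5] == 0x01)


def looks_like_http(payload):
    """An HTTP/1.x request starts with a method token and a space."""
    return payload.startswith(HTTP_METHODS)


def inspect(proto, dport, first_bytes):
    """Return 'blocked', 'ok', or 'mismatch' (passed the port filter, but the
    first client bytes are not the protocol expected on that port)."""
    if not port_filter(proto, dport):
        return "blocked"
    check = looks_like_tls if ALLOWED_TCP[dport] == "tls" else looks_like_http
    return "ok" if check(first_bytes) else "mismatch"


# Constructed sample flows: (protocol, destination port, first client bytes)
CLIENT_HELLO = bytes.fromhex("160301020001000001fc0303")  # truncated header
SAMPLES = [
    ("tcp", 80, b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    ("tcp", 993, CLIENT_HELLO),
    ("tcp", 443, b"HELLO custom-protocol v1\n"),  # allowed port, wrong protocol
    ("tcp", 445, b""),                            # not on the allow-list
    ("udp", 443, CLIENT_HELLO),                   # right port, wrong transport
]

if __name__ == "__main__":
    for proto, dport, data in SAMPLES:
        print(f"{proto}/{dport}: {inspect(proto, dport, data)}")
```

The third sample is the case the message describes: the port filter passes it, and only a check on the content marks it as a mismatch. A first-bytes check is a coarse heuristic and says nothing about what is carried inside a valid TLS session.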