On 8/1/06, Bob Young <bob at lavamail dot net> wrote:
> Do you also agree that I should block only certain bad data, but allow the
> rest?...at least for a WISP site?
Being a service provider changes what I would recommend. You can't do
a default deny and be a good service provider IMO (unless you have a
LOT of exceptions to that default deny). I'd probably only deny TCP
and UDP 135 and 137-139. Everything else I'd let through, but I would
enable logging on all rules, pass or block. Syslog them off to
another system, and watch for abuse, like tons of TCP 25 traffic
(infected machine, or malicious user spewing spam and/or viruses).