On 8/1/06, Bob Young <bob at lavamail dot net> wrote:
>
> Do you also agree that I should block only certain bad data, but allow the
> rest?...at least for a WISP site?
Being a service provider changes what I would recommend. You can't do
a default deny and be a good service provider IMO (unless you have a
LOT of exceptions to that default deny). I'd probably only deny TCP
and UDP 135 and 137-139. Everything else I'd let through, but I would
enable logging on all rules, pass or block. Syslog them off to
another system, and watch for abuse, like tons of TCP 25 traffic
(infected machine, or malicious user spewing spam and/or viruses).
-Chris
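As an added illustration of the approach Chris describes (this is not code from the thread or from either poster): the port policy applied as a pass/block decision, plus a small detector that reads syslogged firewall records from the log host and flags a source making an unusual number of TCP/25 connections in a short window. The iptables-style log line format, the threshold of 20 connections per 60 seconds, and the sample log lines are all constructed assumptions.

```python
"""Added example: Chris's minimal deny list plus log-everything-and-watch-for-abuse.

Assumptions (not from the thread): firewall records are relayed to a log host in an
iptables-style key=value form, and "abuse" is >= THRESHOLD TCP/25 connections from
one source inside any WINDOW_SECONDS span.
"""
import re
from collections import defaultdict
from datetime import datetime

# Ports Chris suggests denying for both TCP and UDP; everything else passes.
BLOCKED_PORTS = {135, 137, 138, 139}
THRESHOLD = 20        # assumed: connections to TCP/25 that count as "tons"
WINDOW_SECONDS = 60   # assumed: sliding window per source


def decide(proto, dport):
    """Return 'block' or 'pass' for a TCP/UDP packet to dport under the deny list."""
    if proto in ("TCP", "UDP") and dport in BLOCKED_PORTS:
        return "block"
    return "pass"


# Assumed syslog record layout; both passed and blocked rules are logged.
LOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ kernel: FW (?P<action>pass|block) "
    r"SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) PROTO=(?P<proto>\w+) DPT=(?P<dport>\d+)"
)


def parse_line(line):
    """Parse one relayed firewall record; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["dport"] = int(rec["dport"])
    # Year-less syslog timestamp; only differences between stamps are used.
    rec["ts"] = datetime.strptime(rec["ts"], "%b %d %H:%M:%S")
    return rec


def find_smtp_spewers(lines, threshold=THRESHOLD, window_seconds=WINDOW_SECONDS):
    """Return {src: peak_count} for sources whose TCP/25 connection count reaches
    `threshold` inside any `window_seconds` span (candidate infected/spamming hosts)."""
    per_src = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["proto"] == "TCP" and rec["dport"] == 25:
            per_src[rec["src"]].append(rec["ts"])
    flagged = {}
    for src, stamps in per_src.items():
        stamps.sort()
        lo, peak = 0, 0
        for hi in range(len(stamps)):
            # Slide the window start forward until it fits inside window_seconds.
            while (stamps[hi] - stamps[lo]).total_seconds() > window_seconds:
                lo += 1
            peak = max(peak, hi - lo + 1)
        if peak >= threshold:
            flagged[src] = peak
    return flagged


# Constructed sample log: one host opening 25 SMTP connections in 25 seconds,
# one host opening 3, and one NetBIOS probe hitting the deny rule.
def _rec(second, action, src, proto, dport):
    return (f"Aug 1 12:00:{second:02d} gw kernel: FW {action} SRC={src} "
            f"DST=203.0.113.10 PROTO={proto} DPT={dport}")


SAMPLE_LOG = (
    [_rec(s, "pass", "10.0.0.5", "TCP", 25) for s in range(25)]
    + [_rec(s, "pass", "10.0.0.9", "TCP", 25) for s in (5, 30, 55)]
    + [_rec(40, "block", "10.0.0.7", "UDP", 137)]
)

if __name__ == "__main__":
    for proto, port in (("TCP", 137), ("UDP", 139), ("TCP", 25), ("TCP", 80)):
        print(f"{proto}/{port}: {decide(proto, port)}")
    print("possible SMTP spewers:", find_smtp_spewers(SAMPLE_LOG))
```

Run against the real relayed log instead of `SAMPLE_LOG` and tune `THRESHOLD` to the normal outbound mail rate of the customer base; a legitimate mail relay will exceed it and belongs on an allow list before the count is acted on.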