Jeffrey Goldberg wrote:
> Also, is there some set of rules that people recommend for being a "good
> network citizen"? That is, what should I try to prevent from leaving my
Hi Jeffrey... My recommendation is to set up the firewall to ONLY allow
out what you require, and nothing else.
80 http (usually required)
443 https (usually required)
110 pop3 (sometimes required)
995 pop3s "
443 imap "
993 imaps "
...and then any other ports you specifically require. I am so paranoid
that I even limit things like pop/imap/smtp to specific known servers -
and only from specific internal hosts. For example, if _you_ need IRC
access to talk to us in #m0n0wall, then allow your machine access to a
short list of irc servers rather than allowing IRC access out, which
would open your network up to infected/owned Windows machines being
Then block & log everything else to a remote syslog server where you can
use a program to watch the log and alert you via email/pager etc. Just
make sure you tweak the monitoring software so that you are not getting
1,000 emails or pagers per hour. :)
One comment though, I usually block/drop and don't log Microsoft
networking packets, as they are so prominent...
Just my 2 paranoid cents.
waa dash m0n0wall at revpol dot com
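A small log watcher in the spirit of the advice above, added here as an example that is not part of the post or of m0n0wall: it parses constructed block-log lines (the line shape and the set of Microsoft networking ports are assumptions), skips the NetBIOS/SMB noise, and caps the number of alerts per run so a scan cannot turn into 1,000 pages.

```python
import re
from collections import Counter

# Ports the post drops without logging (NetBIOS/SMB); the exact set is an assumption.
MS_NETWORKING_PORTS = {135, 137, 138, 139, 445}

# Assumed line shape: "<syslog ts> <host> <tag>: block out <proto> <src>:<sport> -> <dst>:<dport>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+\s+\d+\s+[\d:]+)\s+\S+\s+\S+:\s+block out (?P<proto>tcp|udp) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Constructed sample: two hosts retrying blocked IRC/SMTP, NetBIOS/SMB noise, one junk line.
SAMPLE_LOG = """\
Mar  3 10:00:01 fw ipfilter: block out tcp 192.168.1.20:1034 -> 10.0.0.5:6667
Mar  3 10:00:02 fw ipfilter: block out tcp 192.168.1.20:1035 -> 10.0.0.5:6667
Mar  3 10:00:03 fw ipfilter: block out udp 192.168.1.20:137 -> 192.168.1.255:137
Mar  3 10:00:04 fw ipfilter: block out tcp 192.168.1.30:1100 -> 10.0.0.9:25
Mar  3 10:00:05 fw ipfilter: block out tcp 192.168.1.30:1101 -> 10.0.0.9:25
Mar  3 10:00:06 fw ipfilter: block out tcp 192.168.1.30:1102 -> 10.0.0.9:25
Mar  3 10:00:07 fw ipfilter: block out tcp 192.168.1.40:1200 -> 10.0.0.7:445
garbage line that should be ignored
""".splitlines()

def parse_line(line):
    """Return a dict for one blocked-packet line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    return rec

def summarize(lines, ignore_ports=MS_NETWORKING_PORTS):
    """Count blocked flows per (src, dst, dport), skipping the noisy ports."""
    counts = Counter()
    for rec in map(parse_line, lines):
        if rec is not None and rec["dport"] not in ignore_ports:
            counts[(rec["src"], rec["dst"], rec["dport"])] += 1
    return counts

def build_alerts(counts, max_alerts=5):
    """Busiest flows first, capped at max_alerts; returns (alerts, number suppressed)."""
    ranked = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
    alerts = [f"{s} tried {d}:{p} {n}x (blocked)" for (s, d, p), n in ranked[:max_alerts]]
    return alerts, len(ranked) - len(alerts)

if __name__ == "__main__":
    print(*build_alerts(summarize(SAMPLE_LOG))[0], sep="\n")
```

Feed it the tail of the remote syslog file on a timer and hand the alert list to whatever sends your email or page; the suppressed count tells you how much the cap hid.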