[jadmin] iptables and Jabber
Zbyszek Żółkiewski
zbyszek at toliman.pl
Tue Mar 13 02:26:27 CDT 2007
for me output filtering have sense in two conditions:
1) you have local non-root users (hosting, etc) - anyway in case of brake-in
attacker anyway will gain root access and will set its own rules (is that
simple as long as you dont use rbac or tools like that)
2) filtering outgoing invalid packets (f.e.: policy -P OUTPUT DROP, and then
allow NEW,RELATED,ESTAB... or just drop state invalid)
On 3/13/07, Markus Meyer <markus.meyer at koeln.de> wrote:
>
> On [Mon, Mar 12 21:10], Matthias Wimmer wrote:
> >HI Markus!
>
> Morning Matthias,
>
> >Why do you filter outgoing connections at all?
>
> Cause I'm paranoid I think. It became a habit and I have to live with
> it ;)
>
> Shalom,
> --
> Markus Meyer
> encrypted email preferred -> GPG: B87120ED - JAB:
> butterbluemchen at amessage.de
> --- Geld korrumpiert - vor allem jene, die es nicht haben.
> -- Sir Peter Ustinov
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
>
> iD8DBQFF9ijOFH1rMbhxIO0RAgDVAJ93H60BN+Z8zHqEnp133JVAjd6PkQCgnCNV
> JxkalcXR3o+Ing+UEqX0dmg=
> =c5o9
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> JAdmin mailing list
> JAdmin at jabber.org
> http://mail.jabber.org/mailman/listinfo/jadmin
> FAQ: http://www.jabber.org/about/jadminfaq.shtml
> _______________________________________________
>
>
--
pozdrawiam,
Zbyszek Żółkiewski
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.jabber.org/pipermail/jadmin/attachments/20070313/e72d2518/attachment.htm
More information about the JAdmin
mailing list