[Firehol-support] Re: IRC blocking

Daniel Pittman daniel at rimspace.net
Tue Aug 3 13:59:49 BST 2004

On 3 Aug 2004, Christian wrote:
> Thnaks again, Costa. = ) And thanks John Dalton too. You were correct,
> my route all was freeing the irc traffic.
> Just one more thing: Should I not use the statement "route all accept" ?
> Or just dropping the traffic I don't want to be routed some lines above
> resolves everything?

A good general security policy is to use list the services you do use,
and allow only those.

Using a blacklist, by adding 'route ... drop' statements above 'route
all accept' leads to less security in the long term.

What is style?
For many people, a very complicated way of saying very simple things.
According to us, a very simple way of saying very complicated things.
        -- Jean Cocteau

More information about the Firehol-support mailing list