[Firehol-support] Re: IRC blocking
Daniel Pittman
daniel at rimspace.net
Tue Aug 3 13:59:49 BST 2004
On 3 Aug 2004, Christian wrote:
> Thnaks again, Costa. = ) And thanks John Dalton too. You were correct,
> my route all was freeing the irc traffic.
> Just one more thing: Should I not use the statement "route all accept" ?
> Or just dropping the traffic I don't want to be routed some lines above
> resolves everything?
A good general security policy is to use list the services you do use,
and allow only those.
Using a blacklist, by adding 'route ... drop' statements above 'route
all accept' leads to less security in the long term.
Regards,
Daniel
--
What is style?
For many people, a very complicated way of saying very simple things.
According to us, a very simple way of saying very complicated things.
-- Jean Cocteau
More information about the Firehol-support
mailing list