On 25/6/18 5:30pm, Walter Parker wrote:
The use case for pass out rules would be to block local processes on the box from making external connections to other servers. This is useful if you don't fully trust users or software running on your equipment. Also, this would be useful to preemptively block ports that would be useful in DDoS attacks.
Ah, then I misunderstood what pass-in and pass-out meant. I thought those words referred to the interface, so it would hit pass-in to the interface even if coming from a local process.
In that case I'm better off writing all my outbound rules as pass-out so as to equally filter traffic from the internal network and the local firewall machine.
Ari
_______________________________________________
freebsd-stable mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable
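An added illustration of the distinction discussed above (example configuration, not from either message in this thread): a pf.conf fragment, assuming pf syntax on FreeBSD with an external interface em0 and an internal interface em1 (all three are assumptions), in which a default `block out` is what actually restricts software running on the firewall itself, since a connection opened by a local process is only ever checked against `out` rules on the external interface.

```pf
# Added example, not from the thread. Assumes pf on FreeBSD with an
# external interface em0 and an internal interface em1 (assumptions).
ext_if  = "em0"
int_if  = "em1"
lan_net = "192.0.2.0/24"      # constructed sample LAN range

# Default deny in both directions. "block out" is the rule that applies
# to connections originated by processes on this machine; a ruleset
# consisting only of "pass in" rules never filters those at all, because
# pf's default when nothing matches is to pass.
block in all
block out all

# Forwarded traffic from the LAN is evaluated twice: first "in" on the
# inside interface (it still needs a "pass in" here to get through)...
pass in on $int_if proto tcp from $lan_net to any port { 80, 443 } keep state
pass in on $int_if proto udp from $lan_net to any port 53 keep state

# ...and then "out" on the external interface. A connection opened by a
# local process is evaluated only here, so these "pass out" rules are the
# single place that filters both forwarded LAN traffic and local software
# equally. Only HTTP, HTTPS and DNS are permitted; anything else a local
# process tries to open to the outside is dropped by "block out all".
pass out on $ext_if proto tcp to any port { 80, 443 } keep state
pass out on $ext_if proto udp to any port 53 keep state
```

Rules are last-match by default (no `quick`), so the later `pass` lines override the initial `block` lines only for the listed ports; `pfctl -nf /etc/pf.conf` checks the syntax without loading it.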
