LinuxQuestions.org
01-22-2013, 04:58 AM   #1
yzT!
Question about outgoing open ports in iptables


I just started setting up my iptables rules. Right now I have denied the outgoing connections to some websites; now I'll add the INPUT rules to only allow some ports, and then comes the last part, where I have doubts.

When browsing, outgoing connections are made on random ports. Should I block all ports and only allow one for outgoing connections? Will this slow browsing speed because the only open port will be busy? Does leaving all outgoing ports open imply any security risk?
 
01-22-2013, 06:11 AM   #2
unSpawn
Quote:
Originally Posted by yzT!
Does leaving all outgoing ports open imply any security risk?
Defining what can be a security risk starts with knowing a machine's purpose (like a library kiosk, SOHO development web server or regulations-compliant database server), its location (at home in a DMZ behind a NAT router, phys. colocation, embedded device, shared hosting plan, virtualization, cloud) and its exposure (services, users, networks).
So if this is just a desktop machine that remains in one location with only one user, then I'd just set the filter table OUTPUT chain policy to ACCEPT. To get a feel for what traffic leaves the machine, you could watch network tools' output or add a "-j LOG" rule for, say, new outbound connections on certain ports alone, and add rules later on to tighten things up if you want to.


Quote:
Originally Posted by yzT!
I just started setting up my iptables rules.
When done, and if unsure, feel free to post or attach "output.txt" from running
Code:
iptables-save > /tmp/output.txt
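
Added example (not part of either post): one way to use the "-j LOG" suggestion above is to summarise the logged new outbound connections by destination port before tightening the OUTPUT chain. The log prefix "OUT-NEW: ", the function names and the sample log lines are assumptions constructed for this example.

```shell
#!/bin/sh
# Logging rule assumed by this example (run as root; the "OUT-NEW: " prefix is
# a name chosen here, not one from the thread):
#   iptables -A OUTPUT -m conntrack --ctstate NEW -j LOG --log-prefix "OUT-NEW: "

# Constructed kernel log lines in the LOG target's KEY=VALUE layout (fields
# trimmed). SPT is the random local port; DPT is the service being reached.
sample_log() {
cat <<'EOF'
Jan 22 06:20:01 host kernel: OUT-NEW: IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.5 PROTO=TCP SPT=48122 DPT=443 SYN
Jan 22 06:20:01 host kernel: OUT-NEW: IN= OUT=eth0 SRC=192.0.2.10 DST=192.0.2.1 PROTO=UDP SPT=51514 DPT=53
Jan 22 06:20:02 host sshd[812]: Server listening on 0.0.0.0 port 22.
Jan 22 06:20:03 host kernel: OUT-NEW: IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.9 PROTO=TCP SPT=39210 DPT=443 SYN
Jan 22 06:20:04 host kernel: OUT-NEW: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 PROTO=TCP SPT=55012 DPT=80 SYN
Jan 22 06:20:05 host kernel: OUT-NEW: IN= OUT=eth0 SRC=192.0.2.10 DST=192.0.2.1 PROTO=UDP SPT=40233 DPT=53
Jan 22 06:20:06 host kernel: OUT-NEW: IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.5 PROTO=ICMP TYPE=8 CODE=0
Jan 22 06:20:07 host kernel: OUT-NEW: IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.5 PROTO=TCP SPT=48130 DPT=443 SYN
EOF
}

# Count new outbound connections per PROTO/DPT, most frequent first.
# Lines without a DPT field (ICMP, for example) are skipped.
summarize_outbound() {
    awk '
    /OUT-NEW: / {
        proto = ""; dpt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^PROTO=/) proto = substr($i, 7)
            else if ($i ~ /^DPT=/) dpt = substr($i, 5)
        }
        if (proto != "" && dpt != "") seen[proto "/" dpt]++
    }
    END { for (k in seen) print seen[k], k }' | sort -k1,1nr -k2,2
}

# Print (never apply) one candidate ACCEPT rule per observed destination port.
suggest_rules() {
    summarize_outbound | while read -r count key; do
        proto=$(printf '%s' "${key%/*}" | tr 'A-Z' 'a-z')
        printf 'iptables -A OUTPUT -p %s --dport %s -m conntrack --ctstate NEW -j ACCEPT  # seen %s\n' \
            "$proto" "${key#*/}" "$count"
    done
}

sample_log | suggest_rules
```

While the OUTPUT policy stays at ACCEPT the printed rules change nothing. They matter only once the policy is tightened, and because they match NEW packets only, the rest of each connection then needs an ESTABLISHED,RELATED accept rule as well.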
 
  

