Filtering Outgoing Packets
Local Source Address Filtering
Remote Destination Address Filtering
Local Source Port Filtering
Remote Destination Port Filtering
Outgoing TCP Connection-State Filtering
Private Versus Public Network Services
Notes:
Filtering outgoing messages also lets you run LAN services without their traffic leaking out onto the Internet, where these packets don't belong. It's not only a question of disallowing external access to local LAN services. It's also a question of not broadcasting local system information out onto the net. Examples would be running a local dhcpd, timed, routed or rwhod server for internal use. Other obnoxious sources might be broadcast wall or syslogd messages.
Another area is blocking mischief originating from your machines. A year ago, I was taking a somewhat cavalier approach to outgoing filters in a Usenet security discussion. Someone wrote to tease me that I obviously didn't have teenage children...
A related source of trouble is some of the older personal computer software, which sometimes ignores the Internet service port protocols and reserved port assignments. This is the personal computer equivalent of running a program designed for LAN use on an Internet-connected machine.
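
The filters listed on this slide, written out as one outgoing rule set. This is an added example, not part of the original slides; it assumes iptables with connection tracking as the packet filter, a static external address, and web and DNS as the only permitted outbound services, and the interface name and address in the usage comment are constructed values.

```shell
#!/bin/sh
# Added example: emit an iptables-restore fragment for outgoing filtering.
# Assumptions (not from the slides): iptables with conntrack, a static
# external address, and web/DNS as the only permitted outbound services.

# UDP ports of the LAN-only services named in the notes:
# 67/68 DHCP, 513 rwhod, 514 syslog, 520 routed (RIP), 525 timed
LAN_ONLY_UDP="67,68,513,514,520,525"

egress_rules() {
    ext_if=$1   # external (Internet-facing) interface
    ext_ip=$2   # address assigned to that interface
    cat <<EOF
*filter
:OUTPUT DROP [0:0]
# Loopback and LAN interfaces: local services stay usable internally.
-A OUTPUT ! -o $ext_if -j ACCEPT
# Local source address: only our own external address may leave.
-A OUTPUT -o $ext_if ! -s $ext_ip -j DROP
# Local source / remote destination port: LAN-only services never leave,
# checked before the state rule so replies from them are dropped too.
-A OUTPUT -o $ext_if -p udp -m multiport --ports $LAN_ONLY_UDP -j DROP
# Remote destination address: no limited broadcasts onto the Internet.
-A OUTPUT -o $ext_if -d 255.255.255.255 -j DROP
# Connection state: packets of connections that are already established.
-A OUTPUT -o $ext_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# New connections: unprivileged source port, listed destination ports only.
-A OUTPUT -o $ext_if -p tcp --syn --sport 1024:65535 -m multiport --dports 80,443 -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -o $ext_if -p udp --sport 1024:65535 --dport 53 -j ACCEPT
COMMIT
EOF
}

# Usage (constructed values), validating without loading the rules:
#   sh egress.sh eth0 203.0.113.5 | iptables-restore --test
if [ "$#" -eq 2 ]; then
    egress_rules "$1" "$2"
fi
```

On a gateway that routes for the LAN, the same drops belong in the FORWARD chain as well, since OUTPUT only sees packets generated by the firewall machine itself.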