
The ultimate exit policy




Hey all,

Below is my current default-allow exit policy. I get a lot of traffic, and I'm wondering if there are any other high bandwidth/low utility common ports that I should block. I want to allow everything with the exception of those services, such as some file-sharing clients, which are often problematic from a security and/or dealing-with-RIAA/MPAA's-crap perspective. Any suggestions would be helpful.

~Andrew

The exit policy:

ExitPolicy reject 0.0.0.0/8
ExitPolicy reject 169.254.0.0/16
ExitPolicy reject 127.0.0.0/8
ExitPolicy reject 192.168.0.0/16
ExitPolicy reject 10.0.0.0/8
ExitPolicy reject 172.16.0.0/12
ExitPolicy reject *:25
ExitPolicy reject *:119
ExitPolicy reject *:135-139
ExitPolicy reject *:445
ExitPolicy reject *:1214
ExitPolicy reject *:4661-4666
ExitPolicy reject *:6346-6429
ExitPolicy reject *:6699
ExitPolicy reject *:6881-6999
ExitPolicy reject *:60679
ExitPolicy reject *:41919
ExitPolicy accept *:*
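
Tor checks exit policy rules from top to bottom and applies the first one that matches, so the trailing `accept *:*` only takes effect for destinations that none of the earlier `reject` lines caught. The following is an added example, not part of the original post: a small evaluator for the policy above that reports which rule decides a given destination. The names `parse_rule` and `decide` are hypothetical, the destination address is constructed (a documentation-range IP), and the fallback when no rule matches is an assumption of this sketch.

```python
import ipaddress

# The ExitPolicy lines from the post above, copied verbatim.
POLICY = """\
ExitPolicy reject 0.0.0.0/8
ExitPolicy reject 169.254.0.0/16
ExitPolicy reject 127.0.0.0/8
ExitPolicy reject 192.168.0.0/16
ExitPolicy reject 10.0.0.0/8
ExitPolicy reject 172.16.0.0/12
ExitPolicy reject *:25
ExitPolicy reject *:119
ExitPolicy reject *:135-139
ExitPolicy reject *:445
ExitPolicy reject *:1214
ExitPolicy reject *:4661-4666
ExitPolicy reject *:6346-6429
ExitPolicy reject *:6699
ExitPolicy reject *:6881-6999
ExitPolicy reject *:60679
ExitPolicy reject *:41919
ExitPolicy accept *:*
"""

def parse_rule(line):
    """Turn 'ExitPolicy reject 10.0.0.0/8' into (action, network or None, lo, hi)."""
    _, action, pattern = line.split()
    addr, _, port = pattern.partition(":")
    net = None if addr == "*" else ipaddress.ip_network(addr)
    if port in ("", "*"):          # no port part means every port
        lo, hi = 1, 65535
    else:
        lo, _, hi = port.partition("-")
        lo, hi = int(lo), int(hi or lo)
    return action, net, lo, hi

RULES = [parse_rule(l) for l in POLICY.splitlines() if l.strip()]

def decide(ip, port, rules=RULES):
    """Return (action, index of the deciding rule); the first matching rule wins."""
    ip = ipaddress.ip_address(ip)
    for i, (action, net, lo, hi) in enumerate(rules):
        if (net is None or ip in net) and lo <= port <= hi:
            return action, i
    return "reject", None  # assumption of this sketch: refuse if nothing matched

if __name__ == "__main__":
    for dst in [("203.0.113.7", 443), ("203.0.113.7", 6881), ("10.1.2.3", 80)]:
        print(dst, decide(*dst))
```

Moving `accept *:*` to the top of the list makes every `reject` line unreachable, which is the ordering mistake this kind of check catches before a policy goes live.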