Outbound, we only filter for source addresses that are not from our net
i.e. possibly spoofed addresses, or least bad ones. I don't care what
protocols go out, as long as they leave here with legitimate addresses.
At 6:57 AM 2/3/97, Mark Smith wrote:
>What is the general practice for readers of this list on filtering
>outbound packets at the router between the ISP and the DMZ ?
>The original intent was to limit the chances of mounting
>attacks/FSP/general bad stuff using our site as base camp. Now,
>however, we have a mail application which appears to drive the router at
>max CPU, allegedly due to the filtering in place. That outbound
>filtering allows only the "good" protocols to their known ports.