On 12/06/2012 10:57 AM, Les Mikesell wrote:
> On Thu, Dec 6, 2012 at 9:49 AM, Giles Coochey <giles at coochey.net> wrote:
>> On 06-12-2012 15:41, Les Mikesell wrote:
>>> On Thu, Dec 6, 2012 at 9:13 AM, <m.roth at 5-cent.us> wrote:
>>>> Disabling selinux, or at least setting it to permissive, I agree with.
>>>> Turning down your firewall?! Anyone suggesting that is, IMO, either a)
>>>> clueless, or b) a malware user/vendor trying to make life easier. Can
>>>> anyone think of any other possibilities?
>>> Someone with good site and subnet-level hardware firewalling. And a
>>> good feeling that all the bad guys are on the other side of the
>>> firewalls.
>> Filtering Inbound Firewalls are generally useless if the user of the
>> system doesn't know what they're doing. A lot of intrusions these days
>> are the result of inbound policy permitted traffic in causing someone to
>> initiate an outbound connection that gets them hacked.
> And you expect someone to be better at stopping this with iptables and
> a 'howto' than dedicated hardware and vendor training/support?

And outbound rule writing is very hard, as you have to sniff out traffic many times to figure out why an app is failing and then write a rule to allow that app out.