blocking irc + botnets
jengelh at linux01.gwdg.de
Fri Aug 5 08:26:14 CEST 2005
>> >We have servers that could get infected via poorly wrote user scripts. I
>However the fact is that in REAL LIFE, you will have users that use bad
>scripts or even "good" script that have bugs (phpbb, etc, etc.).
Ah now I get it.
>I simply want to get a good ruleset to share so that anyone who might ever
>have a server compromised (even non-root, php-apache based stuff running as
>nobody) could help
>stop the outgoing bad traffic.
Hm, I'd probably try with
-P OUTPUT DROP
-P OUTPUT -j ACCEPT -m state --state ESTABLISHED,RELATED
More information about the netfilter