blocking irc + botnets

Jan Engelhardt jengelh at linux01.gwdg.de
Fri Aug 5 08:26:14 CEST 2005


>> >We have servers that could get infected via poorly written user scripts. I
>> 
>However the fact is that in REAL LIFE, you will have users that use bad
>scripts or even "good" scripts that have bugs (phpbb, etc, etc.).

Ah now I get it.

>I simply want to get a good ruleset to share so that anyone who might ever 
>have a server compromised (even non-root, php-apache based stuff running as 
>nobody) could help stop the outgoing bad traffic.

Hm, I'd probably try with

-P OUTPUT DROP
-A OUTPUT -j ACCEPT -m state --state ESTABLISHED,RELATED


Jan Engelhardt
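
The approach suggested in the reply above, written out as a script. This is an added example, not part of the original message: it appends the ESTABLISHED,RELATED rule before switching the OUTPUT policy to DROP, and logs new outbound attempts that get dropped. The `IPT` variable, the function name, the resolver address 192.0.2.53, the DNS exception, the file name in the last comment and the log prefix are assumptions for illustration.

```shell
#!/bin/sh
# Added example: default-deny egress for a host that only answers inbound
# connections. Needs root. Set IPT=echo to print the commands instead.
IPT="${IPT:-iptables}"

# egress_lockdown RESOLVER_IP
# RESOLVER_IP (assumption): the one DNS server this host may query.
egress_lockdown() {
    resolver="${1:-}"
    if [ -z "$resolver" ]; then
        echo "usage: egress_lockdown RESOLVER_IP" >&2
        return 2
    fi

    # Empty the chain first so the result does not depend on older rules.
    $IPT -F OUTPUT || return 1
    # Local services talking to each other over loopback.
    $IPT -A OUTPUT -o lo -j ACCEPT || return 1
    # Replies on connections that clients opened to this server.
    $IPT -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT || return 1
    # The only new outbound traffic permitted: DNS to the named resolver.
    $IPT -A OUTPUT -p udp -d "$resolver" --dport 53 -j ACCEPT || return 1
    $IPT -A OUTPUT -p tcp -d "$resolver" --dport 53 -j ACCEPT || return 1
    # Log (rate-limited) every other new outbound attempt before it is dropped;
    # the entries show the destination and port a local process tried to reach.
    $IPT -A OUTPUT -m state --state NEW -m limit --limit 6/minute \
        -j LOG --log-prefix "egress-drop: " || return 1
    # Switch the policy last, so an open SSH session is never cut off.
    $IPT -P OUTPUT DROP
}

# Apply only when asked: sh egress.sh --apply 192.0.2.53
if [ "${1:-}" = "--apply" ]; then
    egress_lockdown "${2:-}"
fi
```

iptables covers IPv4 only; a host with IPv6 connectivity needs the same rules loaded through ip6tables.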