On 18 Feb 2004, elemint@hotpop.com wrote:

> On a snort box of mine that connects to the outside world ACID is
> reporting bad loopback traffic and the url I am pointed to is below.
> Recommending to set up egress filtering.

Hmmm. Loopback is 127.0.0.1. Egress filtering is about making sure traffic 'from' one network doesn't come from a different network.

> I have used fwbuilder to build my firewall scripts.

I believe fwbuilder defaults to doing the right thing.

> I allow all traffic on my loopback adapter but I do not allow my
> loopback out to the outside world from what I can tell.
>
> How can I confirm that I am not allowing loopback traffic out to the
> outside world and that egress filtering is in place?

Look at the rules created by fwbuilder.

Let's say that your internal network uses 192.168.0.0/24 and is on eth0 and that your external addy is 1.2.3.4/28 on eth1.

You should have a rule blocking incoming traffic from 192.168.0.0/24 on eth1.
You should have a rule blocking outgoing traffic to 192.168.0.0/24 on eth1.
You should have a rule blocking incoming traffic from anything other than 192.168.0.0/24 on eth0.
You should have a rule blocking outgoing traffic to anything other than 192.168.0.0/24 on eth0.

You should also block traffic out to 10.0.0.0/8 and the rest of 192.168.0.0/16 and a bunch of other things. I think fwbuilder automagically includes all that.

ciao,

der.hans
--
#  https://www.LuftHans.com/        http://www.AZOTO.org/
#  If you're not learning, you're not living. - der.hans
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
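The four interface rules from the reply, plus the loopback and private-range egress blocks, written out as iptables commands so they can be compared against what fwbuilder generated. This is an added example, not code from the thread or from fwbuilder; eth0 / 192.168.0.0/24 (inside) and eth1 (outside) are the reply's assumed values, and the RFC 1918 list is my addition.

```shell
#!/bin/sh
# Added example, not from the thread or from fwbuilder. Interface names and
# the internal network are the values assumed in the reply. Rules are printed
# by default; run with APPLY=1 as root to actually insert them.

ipt() {
    if [ "${APPLY:-0}" = 1 ]; then iptables "$@"; else printf 'iptables %s\n' "$*"; fi
}

# Ranges that should never be a destination on the external interface:
# loopback (what ACID flagged) plus the three RFC 1918 private blocks.
BOGON_NETS="127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16"

# antispoof_rules INT_IF INT_NET EXT_IF
antispoof_rules() {
    int_if=$1; int_net=$2; ext_if=$3

    # Internal source addresses must not arrive on the external interface.
    ipt -A INPUT   -i "$ext_if" -s "$int_net" -j DROP
    ipt -A FORWARD -i "$ext_if" -s "$int_net" -j DROP
    # Internal destinations must not leave via the external interface.
    ipt -A OUTPUT  -o "$ext_if" -d "$int_net" -j DROP
    ipt -A FORWARD -o "$ext_if" -d "$int_net" -j DROP
    # Only internal source addresses may arrive on the internal interface.
    ipt -A INPUT   -i "$int_if" ! -s "$int_net" -j DROP
    ipt -A FORWARD -i "$int_if" ! -s "$int_net" -j DROP
    # Only internal destinations may leave via the internal interface.
    ipt -A OUTPUT  -o "$int_if" ! -d "$int_net" -j DROP
    ipt -A FORWARD -o "$int_if" ! -d "$int_net" -j DROP

    # Egress filtering: nothing bound for loopback or private ranges goes out
    # the external interface. Do not drop RFC 1918 *sources* in FORWARD: with
    # NAT, FORWARD sees the pre-translation LAN source and that would cut
    # off the LAN. A loopback source, however, is never legitimate.
    for net in $BOGON_NETS; do
        ipt -A OUTPUT  -o "$ext_if" -d "$net" -j DROP
        ipt -A FORWARD -o "$ext_if" -d "$net" -j DROP
    done
    ipt -A OUTPUT  -o "$ext_if" -s 127.0.0.0/8 -j DROP
    ipt -A FORWARD -o "$ext_if" -s 127.0.0.0/8 -j DROP
    ipt -A INPUT   -i "$ext_if" -s 127.0.0.0/8 -j DROP
}

antispoof_rules eth0 192.168.0.0/24 eth1
```

Diff the printed lines against `iptables-save` on the box (or against the fwbuilder script) to confirm each block is present before any ACCEPT that could match the same traffic.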