I have a question regarding network security, and in particular outbound (egress) filtering. I was always under the understanding that when a client (for example, a web browser) initiates a connection, it does so from a 'random' outgoing port to the server's incoming port (in this case, port 80 or 443). I always thought it would be difficult to filter an outbound connection because the outbound connection is established from a random (I believe the term is 'ephemeral') port; the only solution would be to restrict outbound connections to the range of ephemeral ports, usually defined by the OS. Is there an effective way to filter outbound connections based on this information, and if so, how?

# Nov 4, 2015 20:23

# May 3, 2024 07:13

> spankmeister posted:
> What do you mean exactly? It's perfectly doable to filter outgoing connections on destination port. What are you trying to achieve?

Ah, that makes perfect sense, thanks.

# Nov 5, 2015 16:41

I guess my problem was that I did not understand the difference between stateful and stateless filtering. Stateless does not explicitly allow return traffic so you *do* have to worry about ephemeral ports. I guess stateless is more useful for governing traffic between subnets, and stateful is more applicable on traffic between groups of individual hosts/instances.

# Nov 5, 2015 22:52
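The stateful/stateless distinction the last post arrives at is easy to see in a toy packet filter. The Python below is an added example, not code from anyone in this thread: the hosts, ports and packets are constructed sample data, the ephemeral range is the Linux default (`net.ipv4.ip_local_port_range`), and the "stateful" class mimics what a connection-tracking firewall does. It runs the same three packets (an outbound HTTPS request, the server's reply to the client's ephemeral port, and an unsolicited inbound packet to another ephemeral port) through a stateless filter with only egress rules, a stateless filter with the ephemeral-range return rule the original poster was thinking of, and a stateful filter with only egress rules.

```python
from dataclasses import dataclass

# Constructed sample hosts: the protected client and a web server it talks to.
CLIENT = "10.0.0.5"
WEB = "203.0.113.10"
# Linux default ephemeral range (net.ipv4.ip_local_port_range = 32768 60999).
EPHEMERAL_MIN, EPHEMERAL_MAX = 32768, 60999


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False  # True only for the first packet of a TCP connection


def direction_of(pkt: Packet) -> str:
    return "out" if pkt.src == CLIENT else "in"


@dataclass(frozen=True)
class Rule:
    """Accept a packet travelling in `direction` whose destination port is in range."""
    direction: str  # "out" = leaving the client, "in" = arriving at the client
    dport_min: int
    dport_max: int

    def matches(self, pkt: Packet) -> bool:
        return (direction_of(pkt) == self.direction
                and self.dport_min <= pkt.dport <= self.dport_max)


class StatelessFilter:
    """Judges every packet by its own header alone, like a plain ACL:
    replies to an allowed request are NOT implicitly allowed."""

    def __init__(self, rules):
        self.rules = list(rules)

    def allow(self, pkt: Packet) -> bool:
        return any(r.matches(pkt) for r in self.rules)


class StatefulFilter:
    """Applies the rules to the first packet of a connection only and records
    the accepted 4-tuple, so the reply (the reverse 4-tuple) passes automatically.
    This is the behaviour of iptables' `-m conntrack --ctstate ESTABLISHED`."""

    def __init__(self, rules):
        self.rules = list(rules)
        self.conntrack = set()  # (src, sport, dst, dport) of accepted connections

    def allow(self, pkt: Packet) -> bool:
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.conntrack or reverse in self.conntrack:
            return True  # ESTABLISHED: belongs to a connection we already accepted
        if pkt.syn and any(r.matches(pkt) for r in self.rules):
            self.conntrack.add(key)  # NEW connection permitted by policy
            return True
        return False


# Policy: the client may open connections to HTTP and HTTPS only.
WEB_ONLY = [Rule("out", 80, 80), Rule("out", 443, 443)]
# The extra rule a stateless filter needs so replies reach the client's
# ephemeral port; note that it accepts ANY inbound packet aimed at that range.
EPHEMERAL_RETURN = Rule("in", EPHEMERAL_MIN, EPHEMERAL_MAX)


def run_scenario(fw) -> tuple:
    """Return (request_allowed, reply_allowed, unsolicited_allowed)."""
    request = Packet(CLIENT, 40000, WEB, 443, syn=True)                   # client -> server
    reply = Packet(WEB, 443, CLIENT, 40000)                               # server -> client
    unsolicited = Packet("198.51.100.7", 6000, CLIENT, 40001, syn=True)   # nobody asked for this
    return (fw.allow(request), fw.allow(reply), fw.allow(unsolicited))


def stateless_without_return_rule():
    return run_scenario(StatelessFilter(WEB_ONLY))


def stateless_with_return_rule():
    return run_scenario(StatelessFilter(WEB_ONLY + [EPHEMERAL_RETURN]))


def stateful_web_only():
    return run_scenario(StatefulFilter(WEB_ONLY))


if __name__ == "__main__":
    for name, fn in [("stateless, no return rule", stateless_without_return_rule),
                     ("stateless + ephemeral return rule", stateless_with_return_rule),
                     ("stateful, egress rules only", stateful_web_only)]:
        req, rep, bad = fn()
        print(f"{name:34} request={req} reply={rep} unsolicited={bad}")
```

The three outcomes are the whole argument: with no return rule the stateless filter breaks the client's own browsing, with the ephemeral-range rule it works but also lets in unsolicited packets to that range, and the stateful filter needs only the destination-port egress rules because the reply is recognised as part of an accepted connection. On Linux the stateful version corresponds to `iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT` together with `iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT`; a stateless ACL would instead carry something like `iptables -A INPUT -p tcp --sport 443 --dport 32768:60999 -j ACCEPT`, which narrows the hole by source port but still trusts whatever claims to come from port 443.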