How to block outgoing ports in ISPConfig 3?

Discussion in 'General' started by pvanthony, Feb 9, 2016.

  1. pvanthony

    pvanthony Active Member HowtoForge Supporter

    Hi,
    I would like to block all outgoing ports except the ports that are allowed in. I am using the latest ISPConfig 3.
    In ISPConfig 3, the firewall setting allows certain incoming ports to be open. Is there a setting to allow certain outgoing ports to be open?
    If not, can the Bastille firewall be set up to only allow certain outgoing ports to be open? Like changing the configuration file.
    Need advice on how to block all outgoing ports then allow certain outgoing ports to be open. Just like the ISPConfig 3 firewall setting for incoming ports but this time for outgoing ports.
     
  2. ztk.me

    ztk.me ISPConfig Developer ISPConfig Developer

    In general I understand why that's interesting to set up - and it can be achieved BUT not with the ISPConfig setting and not without digging somewhat deeper.

    You may want to be able to communicate with a DNS server, update your system using FTP/HTTP, and much more. I did that on some hosts using iptables ... locked myself out one or two times by doing that but... after all it can be achieved - it's just not that easy if you're not familiar with setting up firewall rules. Therefore I'd recommend you dig into how iptables works in general and really think about what needs outgoing connections:
    - DNS
    - updating system packages
    - Serving Websites, Mail
    - FTP
    - Syncing clock by requesting time servers
    - ....
    Don't forget to allow dynamic ports so clients who request data from your server can receive a reply back from some random port.

    Depending on what you want to achieve, it's either useful or not worth it.
     
    Last edited: Feb 14, 2016
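
An added example, not part of the thread and not ISPConfig's or Bastille's own configuration: a shell function that prints iptables commands for the default-deny egress setup described in the reply above, covering its list of outbound needs and the reply traffic to clients. The port lists, the variable and function names, and the IPv4-only scope are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): IPv4 default-deny egress for a hosting box.
# The port lists are assumptions; adjust them to the services you actually run.
TCP_OUT="53 80 443 25"   # DNS over TCP, package updates (HTTP/HTTPS), outbound SMTP
UDP_OUT="53 123"         # DNS, NTP clock sync
# FTP is left out: its data channels only count as RELATED with the conntrack FTP helper.

egress_rules() {
    # Loopback first: local services (database, mail filters) talk over lo.
    echo "iptables -A OUTPUT -o lo -j ACCEPT"
    # Replies to clients that connected in (web, mail, SSH) leave as ESTABLISHED
    # traffic, so no range of "dynamic" ports has to be opened by number.
    echo "iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for port in $TCP_OUT; do
        echo "iptables -A OUTPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    for port in $UDP_OUT; do
        echo "iptables -A OUTPUT -p udp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Log what is about to be dropped (rate limited) to find services that were forgotten.
    echo "iptables -A OUTPUT -m limit --limit 6/min -j LOG --log-prefix 'egress-drop: '"
    # Policy change goes last so DROP is never active without the ACCEPT rules above.
    echo "iptables -P OUTPUT DROP"
}

# Print the commands for review; nothing is applied by this script.
if [ "${1:-}" = "--print" ]; then
    egress_rules
fi
```

Review the `--print` output, then pipe it to `sh` as root from a console or other out-of-band session. Rules added this way are not persistent across a reboot until they are saved.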
  3. pvanthony

    pvanthony Active Member HowtoForge Supporter

    Thank you for the reply. I will do more learning about iptables.
     
