Re: (PM) pm3 filters

Thomas C Kinnen (tom@lcp.livingston.com)
Mon, 13 Jul 1998 08:36:21 -0700

>> Here we do it the other way, because we had some complaints about
>> NetMeeting, PcAnywhere etc.
>> So instead of permit1, permit2, permitx logic, we do deny1, deny2, deny3,
>> permit all the rest.
>That just means either your filter was wrong, or your clients' software was
>misconfigured.

Depends. I believe his point is just to block the listed services.
It's easier to have three denies and one permit than a large number of
permits. So much software is coming out now that is not on the well-known
services lists that people would be updating their filters daily to let
their customers use the new software as it comes out. Look, many IRC servers
run at oddball ports.

If the goal is to allow only services listed on the well-known services table
and force your users to use those ports, then yes, a list of permits and a
single deny is a better way to do it. It forces your clients to configure
their software to the specified ports (though they could flip them, i.e. www
on 25, SMTP on 80).

I'm still a month out of the ISP business and I've done it both ways. It
comes down to what is the fastest way for the PM operator to get the
functionality they want in a way they understand it. With filters, as long as
it works, there is no right or wrong way, just more efficient ways and more
(operator) understandable ways.

I believe the original poster's example was that in his case all the filter was
required to do was keep people from using NetMeeting and PCA, and hence two
denies and allowing everything else was the best solution for his case.

Tom
