I want to start to lock things down a little. I was thinking I would create an alias with needed known outbound ports. I was wondering if anyone might have a list they have used to open outbound ports? I was thinking obviously http, https, dns, smtp, pop3, real player, windows media player, ntp, tivo traffic, and others just to name a few. I was hoping someone may have already gone and done this and might be willing to share….
Anyway thanks in advance,
I don't know if that would be a good idea. Having each allowed outbound port listed in the rules is beneficial. If you ever wanted to temporarily disable a rule, say deny 443 temporarily or 3389 or better yet 25, you would only have to disable the individual rule. By grouping them under 1 alias, if you wanted to disable 1 port listed you would have to modify and then delete that port from the alias. Also, if you were to need to troubleshoot looking at the raw filters, it might group everything together.