Synology Disk DS211J

Matthew Palmer mpalmer at hezmatt.org
Fri Sep 30 01:18:44 CDT 2011


On Thu, Sep 29, 2011 at 07:10:10PM -0700, Joel jaeggli wrote:
> On 9/29/11 17:46 , Robert Bonomi wrote:
> >> From: Nathan Eisenberg <nathan at atlasnetworks.us>
> >> Subject: RE: Synology Disk DS211J
> >> Date: Thu, 29 Sep 2011 21:58:23 +0000
> >>
> >>> And this is why the prudent home admin runs a firewall device he or she 
> >>> can trust, and has a "default deny" rule in place even for outgoing 
> >>> connections.
> >>>
> >>> - Matt
> >>>
> >>>
> >>
> >> The prudent home admin has a default deny rule for outgoing HTTP to port 
> >> 80?  I doubt it.
> >>
> > 
> > No, the prudent nd knowledgable prudent home admin does not have default deny
> > rule just for outgoing HTTP to port 80.
> > 
> > He has a  defult deny rule  for _everything_.  Every internal source address,
> > and every destination port.  Then he pokes holes in that 'deny everything'
> > for specific machines to make the kinds of external connections that _they_
> > need to make.
> 
> Tell me how that flys with the customers in your household...

Perfectly fine.  My users know not to go plugging random devices in, and I
properly configure the firewall to account for all legitimate traffic before
the device is commissioned.

- Matt




More information about the NANOG mailing list