In the light of UK regulations I'm setting up firewalls.
My ADSL router is quite basic (no wizards) but gives the important allow/deny facility.
Choosing 'deny all' except what allow I have allowed incoming port 53 (DNS),80 (HTTP) and 443 (HTTPS) and initially allowed all out - no problem - everything works perfectly. Naturally (?) I want to know what goes out so I started to restrict the range of allowed outgoing ports - generally the fewer ports open the slower the response from websites. I find that with 1..52000 allowed most but not all websites will work. It is possible my adsl box is compromised - also my operating system ('raspian' on a raspberry pi) but my trusted Ubuntu 14.04 does the same thing. I can't isolate which ports are involved because it seems sometimes a site is slow but gets there and sometimes it doesn't.
I'd expected three ports out and three in to be sufficient - clearly my setup isn't working like that - am I infected with something horrible or is this normal?
My ADSL router is quite basic (no wizards) but gives the important allow/deny facility.
Choosing 'deny all' except what allow I have allowed incoming port 53 (DNS),80 (HTTP) and 443 (HTTPS) and initially allowed all out - no problem - everything works perfectly. Naturally (?) I want to know what goes out so I started to restrict the range of allowed outgoing ports - generally the fewer ports open the slower the response from websites. I find that with 1..52000 allowed most but not all websites will work. It is possible my adsl box is compromised - also my operating system ('raspian' on a raspberry pi) but my trusted Ubuntu 14.04 does the same thing. I can't isolate which ports are involved because it seems sometimes a site is slow but gets there and sometimes it doesn't.
I'd expected three ports out and three in to be sufficient - clearly my setup isn't working like that - am I infected with something horrible or is this normal?