Firewall setup

[Gaz Wilson <dragon () dragons org uk>]

Hi all,

I'm about to get *DSL in my village, and I am going to want to operate
a firewall naturally.  I know about blocking all incoming ports bar
any service I want to run and "return connections", but with the
increase in worms et al flying around (mixed network, UNIX and
Windows (prob 2k)), it strikes me that being a bit more proactive
and blocking certain outgoing ports would be a good idea.  I don't
need any MS based traffic leaving the private network, so I wanted to
ask the specialists, you lot, what your opinions are of what would be a
fairly secure set of ports to block to help stop info leakage etc?
(I don't want to block all outgoing except for known services though, as
the uses of the boxes on the network may vary and I don't want to have to
reconfig the firewall quite that often :) )

TIA

Gaz

-- 
  _           _          _a' /(   <.  # Gaz Wilson, aka DragonLord
 /_/ _   _/  / ` / _  ~~ _}\ \(  _  ) # E-Mail:   dragon () dragons org uk
/ \ /_'/_/  /_, / /_||/|/   \(,_(,)'  # Info: http://www.dragons.org.uk
Catch me with the Dragons. ._>, _>,   # Chat: http://www.redclaw.org.uk/

---------------------------------------------------------------------------
Captus Networks 
Are you prepared for the next Sobig & Blaster? 
 - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans 
 - Precisely Define and Implement Network Security 
 - Automatically Control P2P, IM and Spam Traffic 
FIND OUT NOW -  FREE Vulnerability Assessment Toolkit 
http://www.captusnetworks.com/ads/42.htm
----------------------------------------------------------------------------