Hi again, guys.

I'm currently playing with several of the firewall distros and today came across a problem I don't know how to handle correctly.

I first noticed the issue with Endian (which has a set of pre-defined firewall rules), but after adding some basic rules to Vyatta (namely blocking all outbound TCP except for http(s), IMAP(s), POP3(s), SMTP, DNS), hit the same query.

One of the sites I visit is https. I was having difficulty connecting to it. Upon examining the logs, there were some outbound TCP SYN requests that were being blocked, destined for ports 843 and 32256/32257. Allowing these ports out cured the problem.

For future reference, though, rather than open ports (which could vary by the look of it), I was wondering if it was OK to, say, allow all outbound SYN requests from the lan? Or SYN requests for established connections only? Or am I paving the way to vuln city?

Thanks.