So i want to block all unwanted out-bound traffic , specially traffic from unwarranted allowed ports both TCP and UDP and also get a email alert if any script or app tries to contact outbound port.
eg; if someone installs a IRC chat script, it should be block when deamon attempts to run and connect on configured outbound port etc.
I want a script to get all the attempt of this outbound traffic and email it so i can see the atttempts done.
The allowed ports will be the usual 80,993,25,3006 and other normal hosting related ports.
how do i proceed to make such setup? to start i can think of csf/apf and or tcp_wrapper with some iptables and finish it with bash script to collect/email the attempt. can someone guide me exactly on this?
thanks.