Firewall/NAT

I had a conversation this morning with a friend about applications that "call home" and it got me thinking, because a few weeks ago while reading an article on grc.com I came across and leak test program that Steve Gibson had written to test your firewall.

Being that we are protecting ourselves from things coming in, but how do we protect ourselves from things getting out. For example if my laptop gets infected while in the wild, and take it home on my network, how do I prevent it from sending out mass mails, or sensitive information using mOnOwall?

Are there any configuration tips?

Limit what ports you have open. There's no reason to let out SMTP from your laptop if you have an internal mail server, and if you don't there's no reason to let it out to anything but your ISP's mail server IP's.

If you only allow the bare minimum, you're doing as much as you can at the firewall level. But that really doesn't buy you a lot, because malware takes advantage of the fact that it's much more likely to be able to get out on TCP 80.

As for Gibson's silly "leak test", you'll need a host based firewall to plug that "leak." That program has legit uses for testing host based firewalls, but instead Gibson would rather spread FUD amongst the masses by making them believe their firewall has a terrible "leak" and not clearly explaining what that actually means, why you may very well not care, and what can resolve it.