There are 2 main ports for web use, 80 for http traffic and 443 for https (secure websites); both of these will need to be allowed out. You may also need to open port 21 to allow ftp traffic. Some sites with audio and video content might use some additional ports for the media files; you may have to allow some of these as well.

I would add a block all rule to the bottom of your rule set, 2 reasons for this. By default, traffic not allowed out is blocked and gets reported to the log; this can result in large amounts of entries in your log files, which can end up making it hard to spot external traffic being blocked if there is a problem. By adding the block all rule to the LAN interface you can choose to log blocked packets or not, which means that when you are looking to see what ports are being used by an application trying to get out, you can switch logging on while testing and then switch it off when not needed.
Hope this helps.
Mark.
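The rule set Mark describes, written out as an added example for a Linux gateway using iptables (this is not code from the original post; the interface name, LAN range and chain name are assumed placeholders). The final block-all rule either logs or stays silent depending on the argument, so logging can be toggled while testing.

```shell
#!/bin/sh
# Added example: LAN egress rules in the spirit of the post above.
# Assumptions (placeholders, adjust to your gateway):
LAN_IF="${LAN_IF:-eth1}"               # assumed LAN-side interface
LAN_NET="${LAN_NET:-192.168.1.0/24}"   # constructed example LAN range
CHAIN="LAN_OUT"                        # assumed name for the egress chain

# Emit the iptables commands as text so they can be reviewed first.
# $1 is "on" or "off": whether the bottom block-all rule logs what it drops.
build_rules() {
  log="$1"
  cat <<EOF
iptables -N $CHAIN 2>/dev/null
iptables -F $CHAIN
iptables -A $CHAIN -p tcp --dport 80 -j ACCEPT
iptables -A $CHAIN -p tcp --dport 443 -j ACCEPT
iptables -A $CHAIN -p tcp --dport 21 -j ACCEPT
EOF
  # Port 21 is only FTP's control channel; data connections need the
  # conntrack FTP helper (nf_conntrack_ftp) or their own allow rules.
  # Further ports found while testing with logging on go above this line.
  if [ "$log" = "on" ]; then
    # Rate-limited so a chatty application cannot flood the log.
    echo "iptables -A $CHAIN -m limit --limit 5/min -j LOG --log-prefix 'LAN_OUT_BLOCK: '"
  fi
  echo "iptables -A $CHAIN -j DROP"
  # Hook the chain onto traffic entering from the LAN side (re-adding it
  # idempotently so re-running the script does not duplicate the jump).
  echo "iptables -D FORWARD -i $LAN_IF -s $LAN_NET -j $CHAIN 2>/dev/null"
  echo "iptables -A FORWARD -i $LAN_IF -s $LAN_NET -j $CHAIN"
}

# Apply the generated rules (needs root): apply_rules on | apply_rules off
apply_rules() {
  build_rules "$1" | sh
}
```

Run `build_rules on` to print the rule set with logging, review it, then `apply_rules on` while hunting for an application's ports and `apply_rules off` once the needed ports have been added above the block rule.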