Hi everyone,
I am configuring my firewall policy, which I finally got working.
I created two rules:
Block Outbound VNC local port: blank, remote port: 5800,5900
Block Inbound VNC local port: 5800, remote port: blank
I did this because I know that when VNC connects outbound to port 5900, the local port will connect to any available port (for example, I see in my firewall logs that it connected to port 1827).
Because of this, I felt I had to leave the local port blank so it can pick an available port on its own.
Is this the only way to set it up? Meaning, do I have to have a rule for inbound VNC connections from another machine connecting to mine, and then a rule for outbound to prevent clients from attempting to VNC to another machine, or is there a way to combine them both?
If I want to allow outbound but prevent inbound, I would have to have 2 rules in that case, correct?
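
A small model of direction-aware port rules, added here as an illustration and not part of the original post or of any firewall product. The rule fields, first-match evaluation, default-allow fallback and the `PINNED` rule are assumptions, and the sample connections are constructed.

```python
from dataclasses import dataclass

ANY = frozenset()  # a blank port field matches any port


@dataclass(frozen=True)
class Rule:
    name: str
    direction: str          # "in" or "out", seen from the protected host
    local_ports: frozenset  # ports on the protected host
    remote_ports: frozenset # ports on the other machine
    action: str = "block"


@dataclass(frozen=True)
class Conn:
    direction: str
    local_port: int
    remote_port: int


def matches(rule, conn):
    """A rule matches when direction and both non-blank port fields agree."""
    if rule.direction != conn.direction:
        return False
    if rule.local_ports and conn.local_port not in rule.local_ports:
        return False
    if rule.remote_ports and conn.remote_port not in rule.remote_ports:
        return False
    return True


def decide(rules, conn, default="allow"):
    """First matching rule wins; the default action is an assumption."""
    for rule in rules:
        if matches(rule, conn):
            return rule.action, rule.name
    return default, None


# The two rules exactly as written in the post.
RULES = [
    Rule("Block Outbound VNC", "out", ANY, frozenset({5800, 5900})),
    Rule("Block Inbound VNC", "in", frozenset({5800}), ANY),
]
# Hypothetical variant that pins the local port instead of leaving it blank.
PINNED = Rule("Outbound, local port pinned", "out", frozenset({5900}), frozenset({5900}))

if __name__ == "__main__":
    viewer = Conn("out", 1827, 5900)          # ephemeral local port from the post
    print(decide(RULES, viewer))              # blocked by the outbound rule
    print(matches(PINNED, viewer))            # pinned local port never matches
    print(decide(RULES, Conn("in", 5800, 50123)))
    print(decide(RULES, Conn("in", 5900, 50123)))  # falls through in this model
```

In this model the direction and the local/remote roles swap between the two cases, so each needs its own rule, and an inbound connection to local port 5900 is not covered by the inbound rule as posted.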