dennylin93 said: It is much more convenient this way, but it has a higher risk. Occasionally, some programs will have vulnerabilities, and when they do, someone might take advantage of them and send some nasty stuff.
Yes, but as we all know, once we're not running win* OSes, the possibility to install trojans and/or viruses/malware on our boxes is extremely low. Moreover, if such a program reaches our boxes, then the traffic it will produce will probably be directed to "legitimate" ports...
I don't know, when I was younger I used to restrict even my laptop's outgoing traffic to specific ports, and I also used to log my block rules on disk. The older I get, the more I come to the conclusion that I do not gain much from this policy, and tend to leave all outgoing traffic of my external interfaces free (statefully), and block all incoming traffic except from the specific ports I run services on.
...then again, all these are personal opinions...