Why would anyone configure it to do that?

Like, I understand the really restrictive ones that only allow web browsing. But why allow outgoing ssh to port 22 but not other ports? Especially when port 22 is arguably the least secure option. At that point let people connect to any port except for a small blacklist.

▲

josephcsible 6 hours ago | parent | next [-]

Middlebox operators aren't known for making reasonable or logical decisions.

▲

9dev 5 hours ago | parent | prev | next [-]

Asking back, when I limit the outgoing connections from a network, why would I account for any nonstandard port and make the ruleset unwieldy, just in case someone wanted to do something clever?

▲

Dylan16807 5 hours ago | parent [-]

A simple ruleset would only block a couple dangerous ports and leave everything else connectable. Whitelisting outgoing destination ports is more complicated and more annoying to deal with for no benefit. The only place you should be whitelisting destination ports is when you're looking at incoming connections.

	▲	9dev 4 hours ago \| parent [-]
		I definitely block outgoing ports on all our servers by default; Established connections, HTTP(S), DNS, NTP, plus infra-specific rules. There is really no legitimate reason to connect to anything else. The benefit is defence against exfiltration.

▲

otterley 6 hours ago | parent | prev [-]

I’m not a network security expert, so I don’t know the threat model. I just know that this is a thing companies do sometimes.