{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreidii3gyjv2oeubc22jnkrvuef74qutbevcrbblqzwsuykectpdkve",
    "uri": "at://did:plc:haakkg7y3xdghcdmprxeexso/app.bsky.feed.post/3mg7m5qvrddh2"
  },
  "path": "/t/ports-dilemma/35900#post_4",
  "publishedAt": "2026-03-04T05:01:31.000Z",
  "site": "https://discuss.privacyguides.net",
  "textContent": "Blocking outbound ports while allowing 443 is security theater. The effective way to mitigate exploits is by segmenting traffic and devices at various levels (VLANs, virtual machines, application containers). For DNS, you could run your own server and enforce DNSSEC to ensure that responses to DNS queries are authentic and have not been tampered with. This will also bypass most forms of censorship by ISPs (relevant in Europe and some other places where governments coerce ISPs into censorship of piracy and other activities).",
  "title": "Ports dilemma"
}