egress ip whitelist possible mitigation?

[JoostLambregts]

The attack vectors I have seen rely on communication with an external evil server. Would an egress ip whitelist mitigate the log4shell vulnerability? If so, I think this should be included in the 'Who is impacted' and 'Mitigation' sections.

[breadchris]

@JoostLambregts there are a number of posts talking about this approach, https://chasersystems.com/discrimiNAT/blog/log4shell-and-its-traces-in-a-network-egress-filter/ and https://blog.accuknox.com/log-4j-exploit-and-mitigation/ are a few, while we do not recommend using this as a permanent fix, depending on how much your infrastructure is at risk, this could be useful for some of your more core services.

You are right that we should at the very least include this as a solution that could possibly help, but we will also highlight the risks of doing this.