* Re: [gentoo-user] What if the firewall doesn't start?
From: Mick @ 2007-02-27 6:59 UTC
To: gentoo-user
On Tuesday 27 February 2007 03:21, Grant wrote:
> > > > Anyway, a closed port remains closed whether a firewall is running,
> > > > or not.
> > >
> > > I thought the firewall specified which ports to open/close.
> >
> > Not quite, but we might be running into terminology here.
> >
> > The app that is listening on a port opens the port. This has nothing to do
> > with the firewall. The firewall is simply an extra level of checks
> > applied before the packet is allowed through the firewall to be
> > received by the kernel, in the same way that a bouncer allows or
> > disallows the public to enter a club. If the bouncer is off sick, the
> > public gets to walk through the door up to reception, assuming the club
> > is open for business.
> >
> > What Mick was referring to is that if a service is running, it's still
> > going to listen on its port whether iptables is running or not. So, in
> > the absence of iptables (i.e. your bouncer is off sick), you hopefully
> > have a decent password strategy in use by whatever is actually
> > listening on the box.
>
> So as far as incoming connections are concerned, if there are no
> listening applications, there is no need for a firewall?
As I understand it, no. However, a firewall is there to offer additional
functionality and protection by logging packets, filtering the amount of
incoming packets, proactively blocking some of these from coming in, etc.
After all, you would be less inclined to allow a machine which has been
scanning your server ports for the last 10 minutes to try to authenticate on
a legitimate service port, right?
http://www.gentoo.org/doc/en/articles/dynamic-iptables-firewalls.xml
--
Regards,
Mick
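As an added illustration of the "bouncer with a memory" Mick describes (logging, rate limiting, and blocking a host that has been probing unused ports for the last 10 minutes), here is a small ruleset generator in iptables-restore format. It is example code written for this page, not from the thread or the linked Gentoo article; the public interface (eth0), the single served port (22/tcp) and the chain name "probers" are assumed placeholders.

```shell
#!/bin/sh
# Added example: a minimal dynamic iptables ruleset using the "recent" match.
# Assumptions (placeholders): public interface eth0, one listening service
# on 22/tcp, and a 600-second memory for hosts seen probing other ports.
# gen_rules prints the ruleset; apply_rules feeds it to iptables-restore (root).

gen_rules() {
    iface="${1:-eth0}"        # assumed public interface
    svc_port="${2:-22}"       # assumed legitimate listening service
    block_secs="${3:-600}"    # "scanning your ports for the last 10 minutes"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback and replies to connections we started are always allowed.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# A source recorded in "probers" within the last ${block_secs}s is refused
# the legitimate service too: the bouncer remembers who tried the back doors.
-A INPUT -i ${iface} -p tcp --dport ${svc_port} -m conntrack --ctstate NEW -m recent --name probers --rcheck --seconds ${block_secs} -j DROP
-A INPUT -i ${iface} -p tcp --dport ${svc_port} -m conntrack --ctstate NEW -j ACCEPT
# Any other new connection attempt on ${iface}: remember the source,
# log it (rate-limited so a scan cannot flood syslog), then drop it.
-A INPUT -i ${iface} -m conntrack --ctstate NEW -m recent --name probers --set
-A INPUT -i ${iface} -m conntrack --ctstate NEW -m limit --limit 5/min -j LOG --log-prefix "fw-probe: "
-A INPUT -i ${iface} -j DROP
COMMIT
EOF
}

apply_rules() {
    # Requires root and the iptables "recent" and "conntrack" modules.
    gen_rules "$@" | iptables-restore
}
```

Without the firewall the closed ports above still answer with a reset, exactly as the thread says; what the ruleset adds is the log line and the temporary ban on the port that is open.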