mactalla n00b
Joined: 24 Sep 2005 Posts: 11
Posted: Sat Jun 17, 2006 6:41 pm    Post subject: confused re: firewalls
Forgive this extremely uneducated question about the necessity of firewalls.
For an individual home workstation, I'm having difficulty understanding the necessity of a firewall (we're talking about a Gentoo system kept up to date here). As I understand it, a typical firewall setup is to allow all outgoing connections and replies to requests initiated from the computer, but to block all new incoming connections. And my understanding of ports is that a port must be opened by an application which then listens on that port. So if no application is listening on a port, then you automatically don't receive any connections from the outside, right? And if you have an application which listens on a port, then typically it's because you WANT to receive connections. So then it only comes down to rogue applications (such as spyware or malware), which is rather a non-issue (so far) while we remain with only reputable open source software.
So then where is the need for a firewall? What am I missing / what do I misunderstand?
Many thanks.
think4urs11 Bodhisattva
Joined: 25 Jun 2003 Posts: 6659 Location: above the cloud
Posted: Sat Jun 17, 2006 6:53 pm    Post subject: Re: confused re: firewalls
mactalla wrote:
> Forgive this extremely uneducated question about the necessity of firewalls.
> For an individual home workstation, I'm having difficulty understanding the necessity of a firewall (we're talking about a Gentoo system kept up to date here). As I understand it, a typical firewall setup is to allow all outgoing connections and replies to requests initiated from the computer, but to block all new incoming connections.
That's what most home/NAT routers do. A 'real' firewall has its default rule for both incoming and outgoing set to 'no'.
Afterwards the needed exceptions are allowed explicitly for *both* the incoming and the outgoing direction (plus forwarding, usually, as a third).
mactalla wrote:
> And my understanding of ports is that a port must be opened by an application who then listens on that port. So if no application is listening on a port, then you automatically don't receive any connections from the outside, right?
Yes.
mactalla wrote:
> And if you have an application which listens on a port, then typically it's because you WANT to receive connections.
What about applications which cannot be configured to restrict who is allowed to connect?
E.g. you have a machine with a ftp server running and only want to have some ip addresses allowed to connect to it.
If the application itself cannot restrict here you need some sort of firewall.
Plus, if you have a (separate) firewall it isn't harmful e.g. to open up some service on a local box by accident/config error. With no firewall in front you'd have a problem.
_________________
Nothing is secure / Security is always a trade-off with usability / Do not assume anything / Trust no-one, nothing / Paranoia is your friend / Think for yourself
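The default-deny layout described in the reply above (deny in both directions, then explicit exceptions, with the FTP server restricted to a few client addresses), as an added example that is not part of the original thread or from any of its posters. It generates an iptables-restore ruleset rather than calling iptables rule by rule, so the whole policy can be reviewed and validated with `iptables-restore --test` before it is loaded atomically. The client addresses 192.0.2.10/11, the outbound exceptions (DNS and HTTP/HTTPS) and the presence of an FTP server on tcp/21 are assumptions for the example.

```shell
#!/bin/sh
# Added example (not from the thread): generate a default-deny iptables
# ruleset in iptables-restore format, then validate and load it.
# Assumptions not stated in the thread: an FTP server listens on tcp/21
# on this host and only FTP_CLIENTS may reach it; outbound DNS and
# HTTP/HTTPS are the only new connections this host may open.

# Constructed sample client addresses (RFC 5737 documentation range).
FTP_CLIENTS="${FTP_CLIENTS:-192.0.2.10 192.0.2.11}"

default_deny_ruleset() {
    # raw table: bind the FTP connection-tracking helper explicitly.
    # Since Linux 4.7 helpers are no longer auto-assigned, so without this
    # rule the FTP data connections would never be classified as RELATED
    # and the default INPUT policy would silently break transfers.
    printf '%s\n' '*raw'
    printf '%s\n' ':PREROUTING ACCEPT [0:0]'
    printf '%s\n' ':OUTPUT ACCEPT [0:0]'
    printf '%s\n' '-A PREROUTING -p tcp --dport 21 -j CT --helper ftp'
    printf '%s\n' 'COMMIT'

    printf '%s\n' '*filter'
    # Default policy: deny in every direction, outgoing included.
    printf '%s\n' ':INPUT DROP [0:0]'
    printf '%s\n' ':FORWARD DROP [0:0]'
    printf '%s\n' ':OUTPUT DROP [0:0]'
    # Loopback traffic is always allowed.
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A OUTPUT -o lo -j ACCEPT'
    # Replies to connections already accepted, plus RELATED traffic such as
    # ICMP errors and the FTP data connections tracked by the helper above.
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    printf '%s\n' '-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate INVALID -j DROP'
    # Explicit incoming exception: FTP control channel, listed clients only.
    for ip in $FTP_CLIENTS; do
        printf '%s\n' "-A INPUT -p tcp -s $ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Explicit outgoing exceptions: DNS and web.
    printf '%s\n' '-A OUTPUT -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT'
    printf '%s\n' '-A OUTPUT -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -j ACCEPT'
    # Log (rate-limited) what the default policy is about to drop, so an
    # accidentally exposed service shows up in the log instead of failing silently.
    printf '%s\n' '-A INPUT -m limit --limit 5/min -j LOG --log-prefix "FW-DROP-IN: "'
    printf '%s\n' '-A OUTPUT -m limit --limit 5/min -j LOG --log-prefix "FW-DROP-OUT: "'
    printf '%s\n' 'COMMIT'
}

# Validate the generated ruleset without touching the kernel, and only
# then load it atomically. Both steps need root.
apply_ruleset() {
    default_deny_ruleset | iptables-restore --test || return 1
    default_deny_ruleset | iptables-restore
}

# Independent of the firewall: list what is actually listening, i.e. what
# would be reachable from outside if the INPUT policy were ACCEPT.
listening_sockets() {
    ss -tulnp
}

# Print the ruleset so it can be reviewed before apply_ruleset is run.
default_deny_ruleset
```

Running the script as an ordinary user only prints the ruleset; `apply_ruleset` and `listening_sockets` are the root-only steps. The OUTPUT policy being DROP is what gives the "rogue application" case from the question a second line of defence: a process that unexpectedly starts a listener is covered by INPUT, and one that phones home on an unexpected port is covered by OUTPUT and shows up in the FW-DROP-OUT log line.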
lxg Veteran
Joined: 12 Nov 2005 Posts: 1019 Location: Aachen, Germany
Posted: Sat Jun 17, 2006 6:57 pm
A firewall in Linux is different from what Windows users know as firewall. Usually, with firewall we mean a low-level filter (TCP/UDP and below) that filters connections on ports, network devices and by some other criteria (e.g. remote host). It is not some sort of "Personal Firewall" that is being sold to novice PC users and is a mixture of a firewall and a so-called ALG (Application Level Gateway; a high-level filter as for example Zorp).
You need a firewall if you run a server, mostly in order to (a) prevent common low-level (in the above sense) attacks like different flavors of DoS (Denial of Service) attacks and (b) in order to prevent unwanted connections to the outside (e.g. a malicious service or user wanting to run his own IRC server).
Surely, you could abstain from using a firewall on a home machine. Some people say it is hard to configure and use iptables. This may be true for iptables itself; but there are great and easy to use frontends for iptables like firehol, shorewall (both command line with easy syntax), firestarter (GTK/Gnome) and guarddog (KDE), just to name some. So I'd suggest you set up a firewall anyway; it's easy and you'll gain extra security.
_________________
lxg.de – codebits and tech talk
mactalla n00b
Joined: 24 Sep 2005 Posts: 11
Posted: Mon Jun 19, 2006 3:54 am
Thanks for your replies, I appreciate it!
atomopawn n00b
Joined: 19 Jun 2006 Posts: 5 Location: Farmville, VA, USA
Posted: Mon Jun 19, 2006 6:23 am    Post subject: Other reasons....
There are also many other reasons you might want to use a firewall at home. With a little fancy iptables work, you can set up rudimentary parental controls (block all internet access after 10:00pm, for instance), attach several systems to a single IP address (with NAT), circumvent ISP limitations by forwarding non-standard ports to standard ones (for instance, running a web server on port 80, but also forwarding TCP 8880 packets to port 80), limit the number of packets that can cross the firewall in a certain period of time (to prevent DoS attacks) and much, much more. Of course, you may not have a need for any of these little tricks -- but they can be fun and very, very useful.
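The four tricks listed in the post above (time-based blocking, NAT for several machines, redirecting tcp/8880 to the web server on port 80, and rate limiting), combined into one small home-router ruleset as an added example that is not part of the original thread or from its poster. It assumes a WAN interface eth0, a LAN on eth1 using 192.168.1.0/24, a web server on this box on port 80, and a curfew from 22:00 to 06:00; all of these are made-up parameters for the example.

```shell
#!/bin/sh
# Added example (not from the thread): a home-router ruleset in
# iptables-restore format showing the tricks listed above.
# Assumed (not stated in the post): WAN on eth0, LAN on eth1 with
# 192.168.1.0/24 behind it, a web server on this box on tcp/80, and a
# LAN "internet off" curfew from 22:00 to 06:00 local time.
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"

home_router_ruleset() {
    printf '%s\n' '*nat'
    printf '%s\n' ':PREROUTING ACCEPT [0:0]'
    printf '%s\n' ':POSTROUTING ACCEPT [0:0]'
    printf '%s\n' ':OUTPUT ACCEPT [0:0]'
    # ISP blocks inbound 80: accept on 8880 from outside and rewrite the
    # destination port before routing, so the packet reaches INPUT as port 80.
    printf '%s\n' "-A PREROUTING -i $WAN_IF -p tcp --dport 8880 -j REDIRECT --to-ports 80"
    # NAT: several LAN hosts share the single public address on the WAN side.
    printf '%s\n' "-A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE"
    printf '%s\n' 'COMMIT'

    printf '%s\n' '*filter'
    printf '%s\n' ':INPUT DROP [0:0]'
    printf '%s\n' ':FORWARD DROP [0:0]'
    printf '%s\n' ':OUTPUT ACCEPT [0:0]'
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    printf '%s\n' "-A INPUT -i $LAN_IF -s $LAN_NET -j ACCEPT"
    # Rate-limit new web connections per source address (covers both the
    # native port 80 and the 8880 traffic redirected above). A plain
    # '-m limit' would be one global bucket, so a single host could starve
    # every other client; hashlimit keyed on srcip limits each source alone.
    printf '%s\n' "-A INPUT -i $WAN_IF -p tcp --dport 80 -m conntrack --ctstate NEW -m hashlimit --hashlimit-name web --hashlimit-mode srcip --hashlimit-above 20/second --hashlimit-burst 50 -j DROP"
    printf '%s\n' "-A INPUT -i $WAN_IF -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT"
    # Curfew first, ahead of the ESTABLISHED rule, so running connections are
    # cut at 22:00 as well. The range wraps midnight; --kerneltz makes the
    # match use the system timezone, because the time match defaults to UTC.
    printf '%s\n' "-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -m time --timestart 22:00 --timestop 06:00 --kerneltz -j REJECT"
    printf '%s\n' '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    printf '%s\n' "-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -m conntrack --ctstate NEW -j ACCEPT"
    printf '%s\n' 'COMMIT'
}

# Enable routing, validate the ruleset without loading it, then load it
# atomically. All three steps need root.
apply_ruleset() {
    sysctl -w net.ipv4.ip_forward=1 >/dev/null || return 1
    home_router_ruleset | iptables-restore --test || return 1
    home_router_ruleset | iptables-restore
}

# Print the ruleset for review; apply_ruleset is the root-only step.
home_router_ruleset
```

Two things worth checking before relying on a ruleset like this: the time match compares against UTC unless `--kerneltz` is given, so a curfew tested only by reading the rules can be off by the timezone offset, and a global `-m limit` in front of a service is itself a denial-of-service lever for anyone who can send enough packets, which is why the rate limit here is keyed per source address.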