Gentoo Archives: gentoo-user

From: Grant <emailgrant@×××××.com>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] What if the firewall doesn't start?
Date: Tue, 27 Feb 2007 03:27:00
Message-Id: 49bf44f10702261921k76a9f2f6pbb36585bcd73f61b@mail.gmail.com
> > > Anyway, a closed port remains closed whether a firewall is running,
> > > or not.
> >
> > I thought the firewall specified which ports to open/close.
>
> Not quite, but we might be running into terminology here.
>
> The app that is listening on a port opens the port. This has nothing to do
> with the firewall. The firewall is simply an extra level of checks
> applied before the packet is allowed through the firewall to be
> received by the kernel, in the same way that a bouncer allows or
> disallows the public to enter a club. If the bouncer is off sick, the
> public gets to walk through the door up to reception, assuming the club
> is open for business.
>
> What Mick was referring to is that if a service is running, it's still
> going to listen on its port whether iptables is running or not. So, in
> the absence of iptables (i.e. your bouncer is off sick), you hopefully
> have a decent password strategy in use by whatever is actually
> listening on the box.

So as far as incoming connections are concerned, if there are no
listening applications, there is no need for a firewall?

- Grant
--
gentoo-user@g.o mailing list
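
Added example, not part of the original thread: the quoted point that the listening application, not iptables, is what opens a port can be checked by listing sockets in the LISTEN state. The sketch below parses the Linux `/proc/net/tcp` layout (IPv4 only, little-endian host assumed) and separates loopback-only listeners from those that would accept remote connections if no packet filter were loaded; the sample table and function names are constructed for illustration.

```python
import os
import socket
import struct

TCP_LISTEN = 0x0A  # kernel TCP state value for LISTEN

# Constructed sample in /proc/net/tcp layout; not captured from a real host.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11001 1
   1: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000   106        0 11002 1
   2: 0A00A8C0:0016 6400A8C0:C350 01 00000000:00000000 02:000A0000 00000000     0        0 11003 4
   3: 0A00A8C0:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11004 1
"""

def decode_addr(field):
    """Turn 'HEXIP:HEXPORT' into (dotted_ip, port). Assumes a little-endian host."""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)

def listening_sockets(table):
    """Return (ip, port) for every row in LISTEN state, sorted by port."""
    found = []
    for line in table.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 4 or int(cols[3], 16) != TCP_LISTEN:
            continue  # established or other non-listening socket
        found.append(decode_addr(cols[1]))
    return sorted(found, key=lambda item: item[1])

def reachable_without_firewall(table):
    """Listeners not bound to loopback: remote hosts can connect to these
    whenever no packet filter is loaded in front of them."""
    return [(ip, port) for ip, port in listening_sockets(table)
            if not ip.startswith("127.")]

if __name__ == "__main__":
    path = "/proc/net/tcp"
    if os.path.exists(path):
        with open(path) as handle:
            table = handle.read()
    else:
        table = SAMPLE  # fall back to the constructed sample off Linux
    for ip, port in listening_sockets(table):
        scope = "loopback only" if ip.startswith("127.") else "reachable from network"
        print(f"{ip}:{port}  {scope}")
```
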

Replies

Subject Author
Re: [gentoo-user] What if the firewall doesn't start? Mick <michaelkintzios@×××××.com>
Re: [gentoo-user] What if the firewall doesn't start? Alan McKinnon <alan@××××××××××××××××.za>