Posted by Steve on Wed 10 Oct 2007 at 09:29
For many years I've been configuring servers without firewalls, and generally find this a good way to do things. However several people have recently questioned my judgment on this matter, so I'm interested in hearing your thoughts.
My general belief has been:
I don't need a firewall, because all the services I run are supposed to be public.
To give a concrete example I run a webserver, and if I firewall access to port 80 nobody will see it! So, short of abusive clients, I have no reason to restrict that.
Similarly I may run other services and again they are supposed to be public.
There are some minor exceptions, such as running a memcached server, but for those I will configure them sensibly so the daemon(s) are only listening upon the loopback interface.
This seems to me to be a fine compromise:
I can easily believe I can make a mistake, and a firewall would prevent people from connecting to services which were accidentally public, but otherwise? Why should I run a firewall?
I've been reconsidering this policy a little recently, after implementing an outgoing firewall - designed to ensure that I'll not take part in a DoS, or similar, if my server is ever compromised by a non-root user. But so far I can't persuade myself that I'd be any better off.
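Two of the points above are mechanical enough to show as code: checking that the only non-public daemons (the memcached case) really are bound to loopback, and an outgoing ruleset that lets root and a short list of service accounts initiate connections while everything else on the box is stopped from joining a DoS. The script below is an added example, not Steve's configuration or anything from the Debian Administration site; the socket listing is a constructed sample in the format of `ss -lnt`, and the usernames (`www-data`, `postfix`) and resolver address (192.0.2.53) are assumptions. The iptables commands are printed rather than executed, so the script can be run as an ordinary user and its output reviewed before being piped into a root shell.

```shell
#!/bin/sh
# Added example (not from the original post).
#  find_public_listeners: given `ss -lnt` style output, print every listening
#      socket that is NOT bound to loopback, i.e. the "accidentally public"
#      services a firewall would otherwise have hidden.
#  egress_rules: print an iptables OUTPUT policy that allows root and a
#      whitelist of service accounts to initiate connections, allows DNS to one
#      resolver, and rejects (and logs) everything else. Replies on connections
#      that clients opened to us are ESTABLISHED, so a web server running as
#      www-data still serves pages even if www-data is not whitelisted.

# Constructed sample of `ss -lnt` output. Only 11211 (memcached) and 3306
# are on loopback; 80, 22 and 5432 are reachable from the network.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    0.0.0.0:80          0.0.0.0:*
LISTEN 0      128    127.0.0.1:11211     0.0.0.0:*
LISTEN 0      128    [::]:22             [::]:*
LISTEN 0      128    [::1]:3306          [::]:*
LISTEN 0      128    0.0.0.0:5432        0.0.0.0:*'

# $1: ss output. Prints "address:port" for each non-loopback listener.
find_public_listeners() {
    printf '%s\n' "$1" | awk 'NR > 1 {
        addr = $4
        if (addr ~ /^127\./ || addr ~ /^\[::1\]/) next   # loopback, fine
        print addr
    }'
}

# $1: space-separated usernames allowed to open outbound connections.
# $2: IP of the resolver that unprivileged processes may query (assumption:
#     a single resolver; without this rule non-root daemons cannot do DNS).
egress_rules() {
    allowed_users="$1"
    resolver="$2"
    cat <<'EOF'
iptables -N OUTBOUND
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -j OUTBOUND
iptables -A OUTBOUND -m owner --uid-owner root -j ACCEPT
EOF
    printf 'iptables -A OUTBOUND -p udp --dport 53 -d %s -j ACCEPT\n' "$resolver"
    for u in $allowed_users; do
        # owner match only works in OUTPUT (and chains jumped to from it)
        printf 'iptables -A OUTBOUND -m owner --uid-owner %s -j ACCEPT\n' "$u"
    done
    cat <<'EOF'
iptables -A OUTBOUND -j LOG --log-prefix "egress-drop: " --log-level 4
iptables -A OUTBOUND -j REJECT --reject-with icmp-port-unreachable
EOF
}

# Demonstration on the constructed sample.
echo "# listeners reachable from the network:"
find_public_listeners "$SAMPLE_SS"
echo "# proposed egress policy (review, then run as root):"
egress_rules "www-data postfix" 192.0.2.53
```

On a real host replace the constructed sample with `ss -lnt` (or `netstat -lnt` on a 2007-era box) and expect the list to contain only the services that are meant to be public; memcached stays off it when started with `-l 127.0.0.1`. The egress rules reject rather than drop so that a misconfigured daemon fails fast instead of hanging, and the LOG line is what tells you a non-whitelisted account just tried to reach the outside world, which is the one situation the outgoing firewall exists for.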
Do you run a firewall? Incoming and outgoing? Does it really help you, or your security?
This article can be found online at the Debian Administration website at the following bookmarkable URL (along with associated comments):
This article is copyright 2007 Steve - please ask for permission to republish or translate.