Posted by Steve on Wed 10 Oct 2007 at 09:29
For many years I've been configuring servers without firewalls, and generally find this a good way to do things. However, several people have recently questioned my judgment on this matter, so I'm interested in hearing your thoughts.
My general belief has been:
I don't need a firewall, because all the services I run are supposed to be public.
To give a concrete example I run a webserver, and if I firewall access to port 80 nobody will see it! So, short of abusive clients, I have no reason to restrict that.
Similarly I may run other services and again they are supposed to be public.
There are some minor exceptions, such as running a memcached server, but for those I will configure them sensibly, so the daemon(s) are only listening upon the loopback interface.
This seems to me to be a fine compromise:
I can easily believe I can make a mistake, and a firewall would prevent people from connecting to services which were accidentally public, but otherwise? Why should I run a firewall?
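A quick check for the mistake described above (a daemon that was meant to be loopback-only but is in fact listening on every interface), written in Python as an added example rather than anything from the original post. It parses the /proc/net/tcp and /proc/net/tcp6 table format directly; the sample rows are constructed, and the little-endian word order of the kernel's hex addresses is an assumption about the host.

```python
import ipaddress
import struct

LISTEN = "0A"   # socket state code for LISTEN in /proc/net/tcp{,6}

def decode_addr(hex_addr):
    """Turn a /proc/net/tcp{,6} hex address into an ipaddress object.
    The kernel prints each 32-bit word in host byte order, so on the usual
    little-endian hosts (assumed here) every word's bytes must be reversed."""
    words = struct.unpack("<%dI" % (len(hex_addr) // 8), bytes.fromhex(hex_addr))
    return ipaddress.ip_address(b"".join(struct.pack(">I", w) for w in words))

def parse_listeners(table):
    """Yield (address, port, uid) for each row in LISTEN state."""
    for line in table.splitlines()[1:]:          # line 0 is the column header
        f = line.split()
        if len(f) >= 8 and f[3] == LISTEN:
            addr_hex, port_hex = f[1].split(":")
            yield decode_addr(addr_hex), int(port_hex, 16), int(f[7])

def public_listeners(table, intended_public=frozenset()):
    """Listeners on a non-loopback address whose port is not meant to be public."""
    return [(str(a), p, u) for a, p, u in parse_listeners(table)
            if not a.is_loopback and p not in intended_public]

# Constructed sample tables (not from a real host): sshd and apache on all
# interfaces, memcached (11211) wrongly on 0.0.0.0, postgres on loopback, one
# established connection, and an IPv6 apache plus a loopback-only ::1 daemon.
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1 1 0
   1: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000    33        0 2 1 0
   2: 00000000:2BCB 00000000:0000 0A 00000000:00000000 00:00000000 00000000   112        0 3 1 0
   3: 0100007F:1538 00000000:0000 0A 00000000:00000000 00:00000000 00000000   105        0 4 1 0
   4: 0100007F:8A6E 0100007F:0050 01 00000000:00000000 00:00000000 00000000  1000        0 5 1 0
"""
SAMPLE_TCP6 = """\
  sl  local_address                         remote_address                        st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000000000000000000000000000:0050 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000    33        0 6 1 0
   1: 00000000000000000000000001000000:1F90 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 7 1 0
"""

def audit(tcp=SAMPLE_TCP, tcp6=SAMPLE_TCP6, intended_public=frozenset({22, 80})):
    """Flag everything reachable from outside the host that was not meant to be."""
    return public_listeners(tcp, intended_public) + public_listeners(tcp6, intended_public)

if __name__ == "__main__":   # real host: audit(open("/proc/net/tcp").read(), open("/proc/net/tcp6").read())
    for addr, port, uid in audit():
        print("unexpected public listener %s:%d (uid %d)" % (addr, port, uid))
```

Run against the real files it lists only what is both bound beyond loopback and absent from the ports you intended to expose, which is exactly the gap a firewall would otherwise be covering for.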
I've been reconsidering this policy a little recently, after implementing an outgoing firewall designed to ensure that I'll not take part in a DoS, or similar, if my server is ever compromised by a non-root user. But so far I can't persuade myself that I'd be any better off.
Do you run a firewall? Incoming and outgoing? Does it really help you, or your security?
This article is copyright 2007 Steve - please ask for permission to republish or translate.