Gentoo Forums
Why use a firewall?
simvin76
Tux's lil' helper


Joined: 05 Oct 2005
Posts: 96

Posted: Sat Feb 18, 2006 2:46 pm    Post subject: Why use a firewall?

Hello

I have a box running chrooted bind, sendmail, uw-imap, apache and ssh.
Why should I run a firewall? The firewall would accept communication to these services, blocking all else.
Without a firewall, anything sent to an unused port would be dropped?

On the forum it is generally said that you should have a firewall. What have I missed? I only use services I need and I have configured those to the best of my abilities.


/Simon
biznatch
Apprentice


Joined: 23 Jul 2004
Posts: 220
Location: Wichita, KS

Posted: Sat Feb 18, 2006 2:57 pm    Post subject: Why use a firewall?

An IPTables firewall can help prevent DoS and other types of attacks (if you use the right rule set). You can also use it to blacklist hosts/networks that try to attack you... Because believe me, if you put a Linux box directly on the internet, someone is going to attack you.

The firewall also gives you some pretty cool logging and rate limiting capabilities.

Disclaimer: I have never set up an IPTables firewall, but from what I have read about it, you can do all this and much more.
_________________
While you're waiting for your post to be answered, please help with unanswered posts.


Last edited by biznatch on Sat Feb 18, 2006 2:59 pm; edited 2 times in total
sloof3
Tux's lil' helper


Joined: 09 Sep 2004
Posts: 75

Posted: Sat Feb 18, 2006 2:57 pm    Post subject: Why use a firewall?

For services like SSH you might want to restrict where you can connect from, since it's a service aimed to give people a shell on your system. I know OpenSSH has the capability to only allow connections from certain IP addresses, but a firewall could make it appear that the service doesn't exist at all to IPs you haven't explicitly allowed, which is good in case (rather when) someone tries to run a brute-force common username/password attack. For the other services you can set rate limiting with IPtables. Another benefit would be for you to know exactly what traffic would get through the firewall, since you could configure it for only the services you want, which prevents accidental services from being exposed to the internet.

--sloof3
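
The setup discussed in this thread, written out as an added example that is not part of any poster's message: a default-drop ruleset for a host running bind, sendmail, uw-imap, apache and ssh, with SSH limited to an allowed source, per-source rate limiting on the mail ports, and rate-limited logging. The function name `gen_ruleset`, the `203.0.113.0/24` admin network, the list name `mail` and the thresholds are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): print an iptables-restore ruleset for a
# host running bind, sendmail, uw-imap, apache and ssh.
# Assumption: 203.0.113.0/24 is a placeholder for the network you administer from.

gen_ruleset() {
    admin_net="${1:-203.0.113.0/24}"
    # Refuse anything that is not digits, dots and a slash, so the argument
    # cannot smuggle extra rule text into the output.
    case "$admin_net" in
        ''|*[!0-9./]*) echo "invalid source: $admin_net" >&2; return 1 ;;
    esac
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# ssh: accepted only from the admin network; other sources get a TCP reset,
# the same answer a port with no listener gives
-A INPUT -p tcp --dport 22 -s ${admin_net} -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp --dport 22 -j REJECT --reject-with tcp-reset
# bind
-A INPUT -p udp --dport 53 -j ACCEPT
-A INPUT -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
# sendmail and uw-imap: drop a source once it opens more than 10 new
# connections within 60 seconds
-A INPUT -p tcp -m multiport --dports 25,143 -m conntrack --ctstate NEW -m recent --name mail --set
-A INPUT -p tcp -m multiport --dports 25,143 -m conntrack --ctstate NEW -m recent --name mail --update --seconds 60 --hitcount 11 -j DROP
-A INPUT -p tcp -m multiport --dports 25,143 -m conntrack --ctstate NEW -j ACCEPT
# apache
-A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
# everything else hits the DROP policy; log a rate-limited sample first
-A INPUT -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "INPUT drop: "
COMMIT
EOF
}

# Print the ruleset; as root, pipe it to "iptables-restore --test" to check it
# without applying, then to "iptables-restore" to load it.
gen_ruleset "$@"
```

Rule order matters here: the SSH accept for the admin network must come before the reset rule, and a service started by accident on any other port stays unreachable because nothing in the chain accepts it.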