[lug] Why Do I Need a Firewall?

Bill Thoen bthoen at gisnet.com
Wed Oct 3 18:24:33 MDT 2007


I've got an experiemntal FC5 machine that supports a web server, does not run
sendnmail, supports ftp only when I turn the service on, and supports ssh
(to which I want access from my laptop which gets its IP via DHCP from
different services, so it's not static and therefore I need to allow access
from anywhere). I have no other services listening to any ports (according
to lsof). If I'm working on this machine locally, I want access to all
services it can provide.

So I set up a firewall that drops all incoming tcp and udp packets except
requests for port 80, 443 (web) and 22 (ssh) and 21 (ftp) and any icmp. All
output requests are passed through because I've set the OUTPUT policy to
ACCEPT. With the exception of those that I've mentioned, any other incoming
packets are dropped because I've set the default INPUT policy to DROP.

But in this particular case, how necessary is a firewall? I've only got
services listening on 3-4 ports for incoming requests. Otherwise, it's a
single-user machine so there's no danger that there will be rogue requests
from some ignorant or disgruntled employee. It's basically a workstation
with a couple of Internet-accessable servers running on it. I guess what
I'm wondering is, in this case, if I didn't have a firewall at all, what
could somebody from the outside do to mess with this machine? With such a
simple set up, why do I need a firewall and what should I set it to filter? 

- Bill Thoen




More information about the LUG mailing list