> > Anyway, a closed port remains closed whether a firewall is running,
> > or not.
>
> I thought the firewall specified which ports to open/close.

> Not quite, but we might be running into terminology here.
>
> The app that is listening on a port opens the port. This has nothing to do
> with the firewall. The firewall is simply an extra level of checks
> applied before the packet is allowed through the firewall to be
> received by the kernel, in the same way that a bouncer allows or
> disallows the public to enter a club. If the bouncer is off sick, the
> public gets to walk through the door up to reception, assuming the club
> is open for business.
>
> What Mick was referring to is that if a service is running, it's still
> going to listen on its port whether iptables is running or not. So, in
> the absence of iptables (i.e. your bouncer is off sick), you hopefully
> have a decent password strategy in use by whatever is actually
> listening on the box.

So as far as incoming connections are concerned, if there are no
listening applications, there is no need for a firewall?

- Grant
--
gentoo-user@gentoo.org mailing list
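The distinction the thread draws (the listening application opens the port; iptables only decides whether packets reach it) can be checked on a box by comparing the listening sockets against the INPUT chain. The script below is an added example, not code from the list or from Gentoo. It parses constructed sample text in the shape of `ss -ltn` and `iptables-save` output (the hosts and rules are made up), understands only simple `-A INPUT -p tcp --dport N -j TARGET` rules plus the chain's default policy, and reports, for each listener, whether it is loopback-only, admitted, blocked, or simply exposed because nothing in front of it decides. Running it with the "no firewall" fragment shows the "bouncer off sick" case: every non-loopback listener becomes reachable.

```python
"""Compare listening TCP sockets against a simplified INPUT chain.

Added example with constructed input; not a full iptables rule evaluator.
"""
import re

# Constructed sample in the shape of `ss -ltn` output (addresses are made up).
SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
LISTEN  0       128     127.0.0.1:3306       0.0.0.0:*
LISTEN  0       511     0.0.0.0:80           0.0.0.0:*
LISTEN  0       128     [::]:8080            [::]:*
"""

# Constructed `iptables-save` fragment: default INPUT policy DROP, with
# explicit ACCEPT rules for ssh and http only.
IPTABLES_SAVE = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
COMMIT
"""

# Constructed fragment for a host with no firewall loaded: everything ACCEPT,
# no rules. This is the "bouncer off sick" situation from the thread.
NO_FIREWALL = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
"""

LOOPBACK = {"127.0.0.1", "::1", "[::1]"}


def parse_listeners(ss_text):
    """Return [(local_address, port)] for every LISTEN line in ss -ltn output."""
    listeners = []
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        listeners.append((addr, int(port)))
    return listeners


def parse_input_rules(save_text):
    """Return (default_policy, {port: target}) from an iptables-save fragment.

    Only `-A INPUT ... -p tcp ... --dport N ... -j TARGET` rules are read;
    the first rule for a port wins, mirroring first-match semantics.
    """
    policy = "ACCEPT"
    by_port = {}
    for line in save_text.splitlines():
        m = re.match(r":INPUT (\w+)", line)
        if m:
            policy = m.group(1)
            continue
        m = re.match(r"-A INPUT .*-p tcp .*--dport (\d+) .*-j (\w+)", line)
        if m:
            by_port.setdefault(int(m.group(1)), m.group(2))
    return policy, by_port


def audit(ss_text, save_text):
    """Classify each listening port.

    'loopback-only': bound to localhost, unreachable remotely with or without a firewall
    'allowed':       reachable, and an explicit ACCEPT rule admits it
    'blocked':       listening, but a rule or the default policy drops it
    'exposed':       reachable, and nothing in the chain restricts it
    """
    policy, by_port = parse_input_rules(save_text)
    verdict = {}
    for addr, port in parse_listeners(ss_text):
        if addr in LOOPBACK:
            verdict[port] = "loopback-only"
            continue
        target = by_port.get(port)
        if target == "ACCEPT":
            verdict[port] = "allowed"
        elif target in ("DROP", "REJECT") or policy != "ACCEPT":
            verdict[port] = "blocked"
        else:
            verdict[port] = "exposed"
    return verdict


if __name__ == "__main__":
    for label, rules in (("with iptables", IPTABLES_SAVE), ("no firewall", NO_FIREWALL)):
        print(label, audit(SS_OUTPUT, rules))
```

Note that port 3306 is reported the same way in both runs: a service bound to 127.0.0.1 is unreachable from outside regardless of the firewall, while 8080 goes from "blocked" (default DROP policy) to "exposed" the moment the chain is empty. On a live host the same two commands supply the input; what the firewall cannot change is which ports are listening in the first place.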
