Why use a firewall when ports are closed anyway ?

[elephant__]

Hi,

After spending hours setting up a firewall I started to get puzzled about why I was doing it in the first place.

If I'm running a linux gateway that masquerades windows machines addresses from my network and all the ports are closed on my gateway is there any point in running a firewall ?

Does restricting incoming tcp packets to those with the ACK flag set prevent any possible intruders ?

[imdeemvp]

dont you want to see you is trying to access your box??

btw....here a great firewall for some popular distros: http://firestarter.sourceforge.net/news.php

[jago25_98]

As well as control access you can also:

- log
- mangle (i.e. CBQ)

[Anigel]

It is highly unlikely that every single port is closed without some serious modification of most default installs.

If ports are closed, it does alert people to the fact that your system is there, where a decent firewall with not respond at all to requests leaving people to believe that there is not even a system there.

Portscans can be conducted very quickly where a port is closed and an entire profile of any vulnerabilities your system may be open to is compiled in no time.

A firewall massively increases the amount of time taken to scan your computer and an adaptive firewall will automatically react to any attempts to look at your system to give you better security.

Without a firewall in place, you would have no idea that anyone was even looking at your system and believe me, Without a firewall in place, they would be.

In the case of a multi user system, without a firewall, users can manage to open ports and blow your whole immunity, a firewall will prevent access to that port even if a user does inadvertantly open it.

If indeed every single external port is closed, then the benefits are just those already stated.