Software Firewall or No Software Firewall?

[gerard4143]

Software Firewall or No Software Firewall?

I've been surfing around trying to find a definite answer to this question and its seems like everything else it depends on your setup...Now I feel with the setup I have – A router with NAT and no available services running on my desktop computer – that a software firewall is redundant. I was starting to feel comfortable with this opinion until I stumbled apon a website that stated that a software firewall and a hardware firewall is required for absolute protection...So what's your opion...

My setup:
ArchLinux 2.6.32-ARCH
Desktop Computer(not mobile)
Router with NAT
and no available services running on my computer.

[MikeTbob]

My opinion:
I think the combination of a router with a well configured firewall and the fact that you are using Linux, with no unneeded services and probably good computer maintenance by you, makes a software firewall unnecessary. I know there are some folks who take computer safety far more serious than I do and that's okay, but I think the majority of Linux computer users are savvy enough to understand their own needs and will plan accordingly.

[Lazydog]

You can never go wrong with a firewall setup and running, as long as it is setup correctly.
But with NAT'ing turned on it would be kind of hard for anyone to break into your system from the outside without you setting up some sort of forwarding on the NAT device.

[HROAdmin26]

I was starting to feel comfortable with this opinion until I stumbled apon a website that stated that a software firewall and a hardware firewall is required for absolute protection

There is definitely no such thing as "absolute" unless you just unplug the cable.

As already mentioned, a router is typically a very good *incoming* firewall. Without any ports "forwarded" through it, it only lets traffic out of your home network - and the responses to those requests are allowed in as well. Any unsolicited traffic is dropped.

The problem nowadays is that most of your exploits originate on your machine. If you actively view a nasty website or run a bad program, then the exploiting code sends out something to the Internet. In that case, your router is not going to stop the traffic. It originates on your machine, is allowed to go out, and the response is allowed back in.

Software firewalls running on the desktop are usually only "more helpful" if they're configured to blocking *outgoing* traffic that should not be leaving the machine. Firewall rules for this level of protection can be very invasive and annoying. As always, security is a trade-off between convenience and protection.

Adding another "software firewall" that blocks all incoming and allows all outgoing is adding no additional layer of security than the existing "router."

[gerard4143]

Everyone thank-you for your responses. My experience and knowledge in this field is...well minimal.

Here's what I know/don't know:

A computer has ports.

A port can provide services to the outside world if it has a corresponding program/daemon up and running.

A port with no corresponding/running program/daemon? Is this a threat? Can an intruder access this port? I really don't know about this one.

Now the firewall:

A firewall can deny access to certain/all ports and to certain/all users..

Like I said I have a minimal understanding of this field but I've downloaded ufw and firestarter and I'm reading...

[that_guy_you_know]

im not too well experienced with this sort of thing myself but ill do my best.. first thats true unless you pull the plug theyres no such thing as absolute safety.. however i think a firewall helps a great deal. yes they can attack through open ports, but it depends on the port really.. some are always open and those are the dangerous ones. obviously depending on the OS youre running the open ports are most likely going to be different. i just switched to linux so im not sure much about the open ports on here, but i used windows for a while and it was horrible. i kept my firewall up 24/7 lol. the really bad ports on that was 23 and 5000. that was your telnet and UPNP ports. i blocked port 23 and disabled UPNP through msconfig. its also true though that while you may be safe from the outside coming in all you need is one wrong move. to click a script or somehting and that script could open up a dangerous port for an attack. that being said i think linux is a lot safer than most machines due to its infernal structure but i would recommend a firewall, but i dont think i would go bananas without one lol. hope this helped

[gerard4143]

Well my surfing continues but I did stumbled onto this little gem -

the below is quoted from 10 minutes to an iptables-based Linux firewall | Linux

/sbin/iptables -A INPUT -p tcp --syn -j DROP

"The previous statement will allow you to, as the user of the computer, performed all your normal Internet activities. You will be able to browse the Web, ssh out, or chat with a colleague on ICQ. On the other hand, the outside world, when trying to connect to your Linux box via TCP/IP, will simply be ignored. This is a reasonable solution for most Linux computers."

I think this is the simple solution I was looking for

[that_guy_you_know]

im pretty sure that just means if anyone trys to remotly connect to you unless its pretty much direct connect bypassing the NAT therye not going to get in. so yes i believe youve found your answer

[MikeTbob]

This is a reasonable solution for most Linux computers.

Just an FYI:
I think if you are running Samba for Windows networking. Then you'll need a new set of rules.