Timeline for Default requirement for Linux-as-a-server system to have network operability under firewall
Current License: CC BY-SA 4.0
9 events
| when | what | by | license | comment | |
|---|---|---|---|---|---|
| Apr 30, 2022 at 20:03 | vote | accept | Digika | ||
| Apr 30, 2022 at 17:31 | comment | added | A.B | Last but not least: I put various links in my answer. One of them is the documentation on Arch Linux, another is about conntrack on Wikipedia. You really should read them. | |
| Apr 30, 2022 at 17:21 | comment | added | A.B | I think you are applying Windows assumptions to Linux. Accepting a connection on port 80 never creates any other port. | |
| Apr 30, 2022 at 17:20 | comment | added | A.B | And there is no "delegated to other random port than 80" either. | |
| Apr 30, 2022 at 17:19 | comment | added | A.B | This does not happen. How would there be a relation between ports 9000 and 9001? | |
| Apr 30, 2022 at 16:57 | comment | added | Digika | Doesn't this rule create a loophole? Let's say I have a service that binds ports 9000 and 9001. Now, there is no way to configure said service to disable the 2nd port for extra functionality, so, taking into context my desired firewall setup, I block all but allow 9000. Wouldn't the stateful rule then automatically allow 9001 later as well, as a part of the network state of the app? This is essentially what happens with a web server: the connection to 80 is then delegated to another random port so 80 can accept the next query. | |
| Apr 30, 2022 at 15:37 | history | edited | A.B | CC BY-SA 4.0 | other Wikipedia link about conntrack itself |
| Apr 30, 2022 at 15:23 | history | edited | A.B | CC BY-SA 4.0 | added link to manpage |
| Apr 30, 2022 at 15:17 | history | answered | A.B | CC BY-SA 4.0 |