Security Portal: Linux Firewalling and Port Behavior | Linux Today

Written By
Web Webster
Nov 2, 2000

“I rebuilt my gateway server, and decided to go gung-ho when
it came to firewalling – a default deny policy for input, output
and forward chains. Needless to say, this breaks a lot of
things.

Well, it breaks basically everything, until you start
putting in rules to allow packets through. Using a default deny
policy in Linux is tricky because the firewall in kernel 2.2 is not
stateful. (It is stateful in 2.4, but that is still in a test
series and several months off from release.) With a stateful
firewall you can make simple rules: “If you see an outgoing
connection, let the incoming packets associated with it through.”
If your firewall is not stateful, you will have to create many
rules to allow services to work for clients. This can be annoying
if you really want to lock your firewall down. Here’s what it comes
down to: Creating a really tight firewall in Linux is a pain.”

“But all is not lost. Several tips and tricks can aid you in
creating a tight firewall. The first trick looks at the local port
numbers that the system uses for outgoing connections. All TCP
connections have a source port and address, and a destination port
and address. If you want to control which ports connections are
allowed to go out on – and thus the incoming packets you will need
to allow in – you must know the port range. Otherwise, to let
connections out and the reply data back in, you’ll need to allow
all the ports in, 65,535 of them.”
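The following is an added illustration of the approach the excerpt describes; it is not code from the Security Portal article or from Linux Today. It is a POSIX shell script that generates, without applying, an ipchains ruleset for a kernel 2.2 style gateway with a default-deny policy on all three chains. Local clients keep working because inbound packets are accepted only when they come from the remote service port, are addressed to the kernel's local (ephemeral) port range, and are not a bare SYN (`! -y`). The interface name `eth0`, the address `192.0.2.1` and the service ports are placeholders, and the `1024:4999` fallback is assumed here to be the 2.2 default for `ip_local_port_range`.

```shell
#!/bin/sh
# Added example, not code from the Security Portal article or Linux Today:
# builds (but does not apply) an ipchains ruleset for a kernel 2.2 style
# non-stateful gateway with a default-deny policy on input, output and
# forward. Clients on the gateway itself keep working because replies are
# admitted only to the kernel's local (ephemeral) port range and only when
# they do not carry a lone SYN flag ("! -y").

# Print the local port range the kernel assigns to outgoing connections,
# as "low:high" in ipchains port-range syntax. Falls back to 1024:4999,
# assumed here to be the kernel 2.2 default, when /proc is not readable.
local_port_range() {
    if [ -r /proc/sys/net/ipv4/ip_local_port_range ]; then
        read lo hi < /proc/sys/net/ipv4/ip_local_port_range
        printf '%s:%s\n' "$lo" "$hi"
    else
        printf '1024:4999\n'
    fi
}

# gen_client_rules EXT_IF EXT_IP LOCAL_RANGE PORT...
# Emits one ipchains command per line. EXT_IF and EXT_IP are the gateway's
# external interface and address (placeholders in the demo below); PORT...
# are the remote TCP service ports that local clients may connect to.
gen_client_rules() {
    ext_if=$1
    ext_ip=$2
    range=$3
    shift 3

    # Default deny on every chain, as the article describes.
    echo "ipchains -P input DENY"
    echo "ipchains -P output DENY"
    echo "ipchains -P forward DENY"

    # Loopback traffic never leaves the box; without these two rules even
    # a local resolver stops answering under default deny.
    echo "ipchains -A input -i lo -j ACCEPT"
    echo "ipchains -A output -i lo -j ACCEPT"

    for port in "$@"; do
        # Outbound: our ephemeral source port to the remote service port.
        echo "ipchains -A output -i $ext_if -p tcp -s $ext_ip $range -d 0/0 $port -j ACCEPT"
        # Inbound: remote service port back to our ephemeral range, but only
        # for packets that are not a bare SYN, so nothing outside can open a
        # connection to those ports; the DENY policy still drops that.
        echo "ipchains -A input -i $ext_if -p tcp ! -y -s 0/0 $port -d $ext_ip $range -j ACCEPT"
    done

    # Log whatever falls through so the gaps this approach leaves stay visible.
    echo "ipchains -A input -i $ext_if -l -j DENY"
}

# Number of rule lines produced for a given argument list; a quick sanity check
# that every requested service got its outbound/inbound pair.
rule_count() {
    gen_client_rules "$@" | wc -l | tr -d ' '
}

# Print the ruleset for inspection (nothing is applied):
#   sh thisscript.sh --print
if [ "${1:-}" = "--print" ]; then
    gen_client_rules eth0 192.0.2.1 "$(local_port_range)" 22 80 443
fi
```

The `! -y` match is the closest a 2.2 kernel gets to connection tracking: it admits any non-SYN segment aimed at the ephemeral range, which is exactly why the excerpt insists on knowing that range rather than opening all 65,535 ports. The range the script reads comes from the same `ip_local_port_range` setting the kernel uses for outgoing connections, so the rules and the kernel agree on which local ports need reply traffic let in.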

Complete Story

Web Webster

Web Webster has more than 20 years of writing and editorial experience in the tech sector. He has written and edited news, demand generation, user-focused, and thought leadership content for business software solutions and consumer tech. At Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites, including webopedia.com and DatabaseJournal.com.
