
I'm trying to get a bit more into security best practices for my personal knowledge.

Actually, I'm not able to understand the necessity of configuring a firewall like iptables if I can trust my server's setup.

In my actual state of mind, this can be explained this way: If I know that only:

  • A web server listening on port 80
  • An SSH server listening on port 22
  • An API server listening on port 8080

are running on my server, any incoming traffic on my (only) Ethernet adapter eth0 that does not use port 80, 22 or 8080 will get lost because there is no process listening on those ports.

This means nothing consumes the incoming packets, so they are simply dropped.

With that in mind, I do not understand the necessity of configuring iptables to accept only TCP traffic on ports 80, 22 and 8080.

This was all before I watched this great video:
https://serversforhackers.com/video/firewalls-basics-of-iptables

The video presents how to set up an iptables config to do exactly that: only accept incoming traffic on ports 80, 22 and 8080 and drop all other input packets.

I guess that there is a reason to do that, but I can't actually find it.

Can you explain why this iptables configuration is needed?

Are there differences between a packet dropped by iptables and a packet not 'consumed' by any application running on the server?

Thanks a lot.

Clement

1 Answer


A connection attempt to the other ports will still generate a RST reply packet, possibly to a spoofed destination.

Also, it prevents a new process from being launched on your node and making itself available.

Jason Martin
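The two points in the answer can be observed directly. A SYN to a port with no listener and no firewall rule is answered by the kernel with a RST, so a remote client (or the victim of a spoofed-source scan) gets an immediate "connection refused". A SYN hitting an iptables DROP rule gets nothing back, the client just times out, and that also holds for any process that starts listening on a port the ruleset does not allow. The following is an added example, not code from the question, the answer, or the linked video. It assumes a loopback probe is enough to show the open/closed distinction (the "filtered" case needs a host that actually drops), and the function names `probe`, `iptables_restore_ruleset`, `listening_socket` and `unused_port`, the interface name `eth0` and the port list 80/22/8080 are taken from the question or chosen here for illustration.

```python
import contextlib
import socket

# Names in this file (probe, iptables_restore_ruleset, listening_socket,
# unused_port) are assumptions of this example, not anything from the page.


def probe(host: str, port: int, timeout: float = 2.0) -> str:
    """Classify what a TCP connect to host:port gets back.

    "closed"   -> the kernel answered our SYN with a RST: no process listens
                  there and no firewall rule intercepted the packet.
    "filtered" -> nothing came back before the timeout, which is what an
                  iptables DROP rule (or a DROP default policy) produces.
    "open"     -> the handshake completed, so a process is listening.
    """
    with contextlib.closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except ConnectionRefusedError:
            return "closed"
        except socket.timeout:
            return "filtered"
        except OSError as exc:  # e.g. no route to host
            return f"error: {exc}"
        return "open"


def iptables_restore_ruleset(tcp_ports, iface: str = "eth0") -> str:
    """Build an iptables-restore file that accepts only the listed TCP ports.

    The INPUT chain's default policy is DROP, so a packet to any other port is
    silently discarded (no RST leaves the host) and a process that later binds
    an unlisted port stays unreachable until a rule is added for it.
    """
    lines = [
        "*filter",
        ":INPUT DROP [0:0]",
        ":FORWARD DROP [0:0]",
        ":OUTPUT ACCEPT [0:0]",
        # Local traffic and replies to connections we initiated stay allowed.
        "-A INPUT -i lo -j ACCEPT",
        "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
        "-A INPUT -m conntrack --ctstate INVALID -j DROP",
    ]
    for port in sorted(set(tcp_ports)):
        lines.append(
            f"-A INPUT -i {iface} -p tcp --dport {port} "
            f"-m conntrack --ctstate NEW -j ACCEPT"
        )
    lines.append("COMMIT")
    return "\n".join(lines) + "\n"


def listening_socket(host: str = "127.0.0.1"):
    """Open a listener on an ephemeral port; returns (socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(1)
    return srv, srv.getsockname()[1]


def unused_port(host: str = "127.0.0.1") -> int:
    """Return a port that is (momentarily) not listened on."""
    with contextlib.closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.bind((host, 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    srv, port = listening_socket()
    print(port, probe("127.0.0.1", port))  # open
    srv.close()
    print(port, probe("127.0.0.1", port))  # closed: the kernel replied with RST
    # Load the generated file with: iptables-restore < rules.v4
    print(iptables_restore_ruleset([80, 22, 8080]), end="")
```

Run `probe()` against a host that has the generated ruleset loaded and any port other than 22, 80 or 8080 reports "filtered" rather than "closed"; that silence is the difference the question asks about. The ruleset is IPv4 only (iptables); an ip6tables equivalent is needed if the host has a public IPv6 address.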