Comment on Do I really need a firewall for my server?
null_dot@lemmy.dbzer0.com 4 weeks agoI’ve heard this analogy before but I don’t really care for it myself.
It creates a mental image but isn’t really analogous.
In the case of a firewall on a server behind a NAT, ports forwarded through the NAT are holes through the first several slices.
elvith@feddit.org 4 weeks ago
If done correctly, those may only be open from the internet, but not from the local network. While SSH may only be available from your local network - or maybe only by the fixed IP of your PC. Other services may only be reachable, when coming from the correct VLAN (assuming you did segment your home network). Maybe your server can only access the internet, but not to the home network, so that an attacker has a harder time spreading into your home network (note: that’s only really meaningful, if it’s not a software firewall on that same server…)
null_dot@lemmy.dbzer0.com 4 weeks ago
Sure mate, keep trotting out the dumb swiss cheese analogy. Fine by me.