Say I have a well updated Linux VPS serving HTTP content on port 80 using apache. What would I gain by enabling IPtables?
I can see no obscurity gains since the machine has a port open. Also, since the machine is constantly updated I trust the kernel to securely handle incoming requests on closed ports, which is reasonable right? I hear everywhere that I need to enable iptables but I fail to see the gains. Am I missing something?
You’re using Ubuntu, which like its Debian parent has the nasty bad habit of enabling and starting every service which gets installed onto the system, whether they are wanted or not. This increases your attack surface; you should check carefully for unwanted services.
In this scenario the firewall helps you by ensuring that only the services you want to be open to the public are actually reachable.
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.