[Courses] [Security] Firewall theory -- general
Hamster
hamster at hamsternet.org
Tue Mar 12 00:19:39 EST 2002
Hey Raven,
> Clients that open connections to servers use high
> numbered ports.
The numbers that the clients choose to initiate from - is that a predefined port, or do they pick it at random?
> When the server sends its reply packets back to the client, they'll be
> sent to port 35642. So if you set up a firewall that blocks all ports
> except for the services you run, you get this:
>
> Client: ---------------|----|----------------> Server
> 10.1.1.47, port 35642 | fw | 10.1.1.2, port 22
> | *|----------------
Ok, now I'm a bit confused here... If I only block incoming ports, then doesn't that mean that the server can still send stuff out on any port?
> Any other suggestions for things
> we might want to look at in our firewall?
Uh oh. Questions like that make me wonder if I have missed something obvious. Like making sure it's plugged in.
One thing is maybe deciding whether to drop or deny?
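
The situation in the quoted diagram, as an added example that is not part of Hamster's or Raven's message: a toy Python model of a filter on the client side that accepts inbound packets only for service ports, next to one that also tracks connections opened from inside. The class names, the service-port set and the 10.9.9.9 probe packet are assumptions made for the illustration.

```python
# Constructed model of the firewall in the quoted diagram; not a real packet filter.
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")

SERVICE_PORTS = {22}          # assumed: services the protected host itself offers


class StatelessFilter:
    """Inbound rule only: accept packets addressed to a listed service port."""

    def inbound(self, pkt):
        return "ACCEPT" if pkt.dport in SERVICE_PORTS else "DROP"

    def outbound(self, pkt):
        return "ACCEPT"       # nothing is filtered on the way out


class StatefulFilter(StatelessFilter):
    """Same inbound rule, plus a table of connections opened from inside."""

    def __init__(self):
        self.established = set()

    def outbound(self, pkt):
        # Remember the flow so the matching reply can be recognised later.
        self.established.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return "ACCEPT"

    def inbound(self, pkt):
        # A reply is the outbound flow with source and destination swapped.
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.established:
            return "ACCEPT"
        return super().inbound(pkt)


def run(fw):
    request = Packet("10.1.1.47", 35642, "10.1.1.2", 22)    # client -> server
    reply = Packet("10.1.1.2", 22, "10.1.1.47", 35642)      # server -> client
    probe = Packet("10.9.9.9", 4000, "10.1.1.47", 35642)    # unsolicited, constructed
    return [fw.outbound(request), fw.inbound(reply), fw.inbound(probe)]


if __name__ == "__main__":
    print("stateless:", run(StatelessFilter()))
    print("stateful: ", run(StatefulFilter()))
```

The stateless filter drops the server's reply to port 35642 along with the unsolicited packet, while the stateful one accepts the reply and still drops the unsolicited packet to the same port. In both models outbound traffic is unfiltered, since only an inbound rule is defined.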