Originally Posted by pinga123
The best way to disable any service is to block its port using a firewall as well as block the service using chkconfig. This prevents the service from unnecessarily generating packets that get blocked by the firewall in case the port is blocked.
No. Even though my response was flagged as unhelpful
by several people, it's not correct to primarily block
the port via firewall.
If the service isn't running there's no need for a
firewall rule for it; as I pointed out already you're
just wasting RAM and CPU cycles to maintain lists and
filter packets against extra ports that no one would
be listening on in the first place.
A firewall rule makes sense if you want to block CERTAIN
people (IPs, subnets, ...) from accessing a service
you don't want to shut down altogether.
It's a weird thought that numbers of opinion may become
more important than understanding the task at hand. =D
For me this thread is a classic case against the rating
scheme we introduced here at LQ.