Quote:
Originally Posted by jbeiter
our production systems reside on a pretty secure network architecture...

Good security comes in layers.
Quote:
therefore there are no filters defined in iptables.

So that makes me doubt statement one.
Quote:
So does iptables even need to be running or is it just taking up resource for nothing?

No, it doesn't need to be running, in the same way that you don't need security, you don't need to keep your data safe and you don't need to have access to the outside world. Might still be useful, though.
You can usually define simple, low-impact rulesets that give a measure of protection; while they might not be what you would want in a server facing the big bad internet, they offer an additional level of protection and logging that should be seen as desirable.
BTW, even logging spurious traffic can give early warning of things going awry; which would you rather do, know early or wait until the problem is a crisis?
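
A ruleset of the kind the reply above describes, as an added example that is not part of the original post: a shell function that prints a small `iptables-restore` ruleset with default-drop on INPUT, a few allowed services and rate-limited logging of everything else. The trusted subnet, the ports, the log prefix and the function name `build_ruleset` are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: emit a low-impact iptables-restore ruleset for an internal server.
# Nothing here touches the running firewall; the ruleset is only printed.

# build_ruleset TRUSTED_CIDR PORT [PORT...]
build_ruleset() {
    trusted=$1
    shift
    # Validate all input before printing anything, so a typo cannot yield a
    # half-written ruleset that locks the operator out when loaded.
    case $trusted in
        *[!0-9./]*|'') echo "bad CIDR: $trusted" >&2; return 1 ;;
    esac
    for port in "$@"; do
        case $port in
            *[!0-9]*|'') echo "bad port: $port" >&2; return 1 ;;
        esac
    done

    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    # Loopback and replies to connections this host already knows about.
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate INVALID -j DROP'
    echo "-A INPUT -s $trusted -p icmp --icmp-type echo-request -j ACCEPT"
    # New connections only from the trusted subnet, only to the listed ports.
    for port in "$@"; do
        echo "-A INPUT -s $trusted -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Log what the DROP policy is about to discard; the rate limit keeps a
    # noisy or misbehaving host from flooding syslog.
    echo '-A INPUT -m limit --limit 6/min --limit-burst 10 -j LOG --log-prefix "INPUT-DROP: "'
    echo 'COMMIT'
}

# Constructed sample values: management subnet 10.0.0.0/24, SSH and HTTPS.
build_ruleset 10.0.0.0/24 22 443
```

Piping the output to `iptables-restore --test` checks that the ruleset parses without committing it.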