A while ago, I was trying to figure out how to get Half - Life Dedicated Server working in Debian linux. I recall being able to get the firewall working the way I wanted to with other servers like "XRDP" but I could not get HLDS to show up on the server browser.
I then thought up the question "Would it make sense to disable the firewall on a server if its behind a router?":
A while later after I went back to Windows Server 2019 but needed help with Source Dedicated Server. So I went to this website
Apparently, the author here is advising that its a good idea to disable the firewall in windows server and let the router do all the firewall work. In this case, my router running OpenWRT 23.05 on a WRT3200ACM.
Is this a good idea? or is the author of this article out of his mind?
These days, the common mantra is "zero trust networks" - treat your network as compromised and secure each client accordingly (as if it would be on the open internet, directly, so with its own firewall). Considering that javascript/ webassembly do have quite some access to your browser and not even thinking about basically never updated IoT- or smarthome device (not that common smartphones would be much better), that is a good idea to follow (not quite to the extremes, but still).
I would say kind of. It seems that when it comes to windows server, any program on the LAN can go in/out of the server. But it seems to me that with linux, its way more secure with its firewall because of how you have to open up ports in order for programs to go in and out of the server.
AFAIK anyway. I am still trying to wrap my head around this kind of stuff.
Anyway, so its advised to keep the firewall enabled at all times on all devices no matter if it be in the home or some corporate enviroment.
EDIT: Apologies, but my post was meant as a response to frolic. idk how to modify my post accordingly so I am leaving this message stating this here instead.
assuming you have the port "open" in the win firewall, you should be able to use telnet or netcat/nc to verify if they're accessible externally, which in this case, is your router's LAN side, as a 1st step.
if your router can't see them open, no one else will.
I agree with @slh, keep as much protection on, as possible.
based on the page layout, FF saying the last time page was modified was in 2011, and the fact they mention Win XP and Win server 2003, yeah, that could be the case
Certainly correct, but I was mostly latching on the 'server' part for devices that actually are supposed to provide services to the open internet - which is a rather bigger fish to fry, than 'just a client' (and you're right, there is no 'just a client' either, nor has there ever been (net send/ MSBlast, etc.))
