Let's say you are running a linux server and all you are running on it are games. Do you think you really need a firewall?
If the only services running are ssh, ftp, and the games themselves and all other ports are closed. Is a firewall really necessary? Is the machine any less secure than it would be had there been a firewall in place?
This involves taking nothing for granted, and employing those layers which are practical to manage in an ongoing manner.
That stated, a firewall is one of those layers / measures which should be utilized.
You think iptables/ipchains will use much cpu on a linux box?
I was running sygate pro on my windows 2003 server and i would notice the cpu to jump to like 10 percent on a dual opteron box. The machine will push a fair amount of data. At least 5MBps at peak times.
I couldn't stress enough how necessary a firewall is on the server, EXCEPT when you have an external firewall, which is when you can have the option. A server is an investment, you don't want that investment not working properly.
IPtables will not take up much server resources at all, and, if you were under an attack, it would save you server resources in the form of bandwidth. IPtables is configured into the linux system, at the core of the operating system, Sygate on windows is a GUI application, there is a BIG difference.
Depending on your configuration there are a lot of different ways and rules to put in your iptables, asking someone here for what they use is probably a good way to start, as well as searching the forum before you ask a question and get flamed for it.
Are you sure that Sygate on Windows IS a gui application?
Sure there is a gui management interface but if that is closed the actuall process doing the firewall functions would be the sygate service that runs in the services area. I imagine that it hooks into the net calls and runs from that location.
Needless to say to me the firewall will allow permitted traffic on the ports you open via the firewall. Any ports you don't open, via the firewall, will have no traffic. The same I imagine if there were no ports open to begin with and you were running with a firewall. I will run some tests and see if really impacts performance. If it does affect my performance and I can successfully close ALL unneeded ports properly then I don't really see how a firewall will make that much difference.
Please explain how a firewall protects a machine for example that has NO ports open at all. I am no amateur when it comes to computers and setting up networks but to me it seems that you have no need for a firewall if there are no exploitable services on the machine that is connected to the internet. If I had a machine that ONLY served NTP requests and only the ports necessary to support NTP requests were open, then you don't need a firewall to protect any other ports.
The only way I could see using a firewall would be to limit outbound traffic should, if by chance, the box was compromised. Even then if the box is compromised the person which compromised it probably knows how to disable the firewall anyways.
Do the packets get dropped by an ipchain/iptables rule better/quicker/with less cpu over head than just getting dropped because no port is open at all to respond?