It would be dangerous for a production server, especially one exposed to the internet, to not filter its network traffic. As software or DevOps engineers, we open up ports for services like SSH or web servers as a necessary, accepted risk. However, that does not mean we should ignore all other traffic destined for our host. To minimize risks, we need to filter all other traffic and make pragmatic decisions on what gets in and what gets out. Therefore, we use firewalls to monitor the incoming and outgoing packets on a network or host. Firewalls come in two varieties. A network firewall is usually ...