What does "incoming" and "outgoing" traffic mean?
I've seen many resources explaining how to set up a server's firewall to allow incoming and outgoing traffic on HTTP standard ports (80 and 443), but I can't figure out why I would need either of them. Do I need to unblock both for a "regular" web site to work? For file uploads to work? Are there situations where it would be advisable to unblock one and leave the other blocked?
Sorry if that's a basic question, but I couldn't find it explained anywhere (also I'm not a native English speaker). I know in a "regular" web site the client is always the one who initiates a request, so I'm assuming a web server must accept incoming traffic on those ports, and my common sense tells me the server is allowed to send a response without unblocking anything else (otherwise it wouldn't make sense to have two types of rules). Is that correct?
But what is outgoing web (service) traffic, and what would be its use? AFAIK if the server wanted to initiate a connection with another machine, the specific port that matters is the one at the other end (i.e. the destination port would be 80); on its end any free port could be used (the source port would be random). I can open HTTP requests from my server (using wget for instance) without unblocking anything. So I'm assuming my concepts of "incoming" and "outgoing" are wrong somehow.
Solution 1:
"Incoming" and "outgoing" are from the perspective of the machine in question.
"Incoming" refers to packets which originate elsewhere and arrive at the machine, while "outgoing" refers to packets which originate at the machine and arrive elsewhere.
If you refer to your web server, it mostly accepts incoming connections to its web service, and only occasionally (or maybe never) makes outgoing connections.
If you refer to your web client, it mostly makes outgoing connections to other services, and only occasionally (or maybe never) accepts incoming connections.
Clear as mud now?
Solution 2:
In your case you only have to let incoming requests in to port 80.
When a connection is established, the firewall will automatically let packets out back to the client's port. You don't need to create rules for that because the firewall knows.
Solution 3:
Without any context as to what the particular text you read means when it refers to "outgoing web service" traffic, I'll take the simplest approach in my answer:
You have a firewall at the ingress/egress of your network.
The firewall comes in a fully locked down state and allows NO inbound or outbound traffic.
In order for your internal clients to browse external web sites you need to configure an "outbound web service" rule that allows them to connect to said external web sites.
In the simplest terms the rule would read something like this:
ANY internal host to ANY external host where the destination = TCP Port 80 then ALLOW.
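The two situations in Solution 2 (a web server that only needs an incoming rule, with replies let through by connection tracking) and Solution 3 (a locked-down edge firewall that needs an explicit outbound rule before internal clients can browse) can be shown with a small model of a stateful packet filter. This is an added example, not code from any of the answers; the IP addresses are constructed from documentation ranges, and the rule and packet types are a simplification of how real filters such as iptables or nftables track connections.

```python
from dataclasses import dataclass
from typing import List, Optional

# Direction is always relative to the host or network the firewall protects:
# "in"  = packet arrives from elsewhere, "out" = packet originates here.
@dataclass(frozen=True)
class Packet:
    direction: str      # "in" or "out"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    syn: bool = False   # True only for the first packet of a new TCP connection


@dataclass(frozen=True)
class Rule:
    direction: str            # which direction of NEW connections this rule matches
    dst_port: Optional[int]   # None matches any destination port
    action: str               # "ACCEPT" or "DROP"


class StatefulFirewall:
    """Hypothetical stateful filter: rules apply to new connections only;
    packets belonging to an already-accepted connection pass in both
    directions without any rule, which is what Solution 2 describes."""

    def __init__(self, rules: List[Rule], default: str = "DROP"):
        self.rules = list(rules)
        self.default = default
        # connection-tracking table of accepted 4-tuples (src_ip, src_port, dst_ip, dst_port)
        self.connections = set()

    def filter(self, pkt: Packet) -> str:
        fwd = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        rev = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        # ESTABLISHED: either direction of a tracked connection is accepted.
        if fwd in self.connections or rev in self.connections:
            return "ACCEPT"
        # A non-SYN packet with no tracked connection is INVALID: drop it.
        if not pkt.syn:
            return "DROP"
        # NEW connection: first matching rule decides; accepting records the state.
        for rule in self.rules:
            if rule.direction == pkt.direction and rule.dst_port in (None, pkt.dst_port):
                if rule.action == "ACCEPT":
                    self.connections.add(fwd)
                return rule.action
        return self.default


def web_server_scenario():
    """Solution 2: a web server with only incoming rules for 80 and 443."""
    fw = StatefulFirewall([Rule("in", 80, "ACCEPT"), Rule("in", 443, "ACCEPT")])
    server, client, other = "203.0.113.10", "198.51.100.7", "192.0.2.5"
    request = Packet("in", client, 51234, server, 80, syn=True)   # client opens connection
    reply = Packet("out", server, 80, client, 51234)              # server's response
    wget = Packet("out", server, 40001, other, 80, syn=True)      # server initiating to a site
    # Request and reply pass; the server's own outbound fetch hits the default DROP.
    return fw.filter(request), fw.filter(reply), fw.filter(wget)


def client_network_scenario():
    """Solution 3: a locked-down edge firewall with one outbound web rule."""
    fw = StatefulFirewall([Rule("out", 80, "ACCEPT")])
    internal, website, attacker = "10.0.0.5", "192.0.2.5", "192.0.2.9"
    browse = Packet("out", internal, 50000, website, 80, syn=True)   # internal client browsing
    page = Packet("in", website, 80, internal, 50000)                 # web site's response
    unsolicited = Packet("in", attacker, 4444, internal, 80, syn=True)  # inbound attempt to port 80
    # Browsing and its reply pass; an unsolicited inbound connection to port 80 is dropped.
    return fw.filter(browse), fw.filter(page), fw.filter(unsolicited)


if __name__ == "__main__":
    print("web server:", web_server_scenario())
    print("client network:", client_network_scenario())
```

The point the model makes explicit is that "outgoing" rules are only consulted for connections the protected side initiates; a reply to an accepted incoming connection is never "outgoing traffic" in the rule sense, which is why a plain web server needs no outbound rule, while a server that must fetch from other sites, or a network whose users browse the web, does.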