If you allow applications to open their own ports (e.g. with UPnP), then you gain no real security advantage compared to simply allowing the traffic through. Blacklisting specific ports due to security issues is a workaround at best, a leaky patch for insecure protocols that can't do their own authentication. Static firewalls have their place providing layered defense for dedicated systems--for example, making sure that your web server can only receive incoming connections on port 80--but general-purpose workstations, and especially mobile devices, need to be self-contained, secure in the face of a direct connection to the Internet with no intervening firewall. The only reasonable place to implement that security is in the server software itself, backed up by OS-level local security primitives.
Copyright © 2017, Eklektix, Inc.