[–] 6056425? 1 point (+1|-0) ago
There is no hole punched in a firewall. It's software interacting, or coming online on an IP address listening for incoming TCP/UDP on a specific port.
That data would not be able to come in and reach the internal network if you did not send out the request first. So it does punch a hole in the firewall that would not have existed there if the application you use did not reach into the Internet. The more different cloud connections, the more holes you have punched in your firewall that can be hijacked by a malicious router/site.
[–] sixsicsix ago (edited ago)
If a service is listening on a port, data can come in, too. It's not just about talking outbound on an ephemeral port.
Network security is mainly about washing incoming stuff. Keeping the outbound safe involves not using proprietary code and maintaining some level of access control. Minimum permissive possible.
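
Added illustration, not part of either comment above: a toy Python model of a default-deny-inbound stateful firewall, showing the two ways inbound traffic gets through that the thread describes (a reply to a tracked outbound flow, and an explicitly opened port for a listening service). The class name, the 10.0.0.x inside prefix and all addresses are constructed for the example.

```python
from dataclasses import dataclass, field


@dataclass
class StatefulFirewall:
    """Toy default-deny-inbound filter with connection tracking (constructed)."""
    inside_prefix: str = "10.0.0."                    # assumed internal network
    inbound_allow: set = field(default_factory=set)   # (proto, dst_ip, dst_port) opened for listeners
    state: set = field(default_factory=set)           # flows created by outbound packets

    def _inside(self, ip):
        return ip.startswith(self.inside_prefix)

    def handle(self, proto, src, sport, dst, dport):
        """Return 'ACCEPT' or 'DROP' for one packet crossing the firewall."""
        if self._inside(src) and not self._inside(dst):
            # Outbound: permitted, and remembered so the reply can come back.
            self.state.add((proto, src, sport, dst, dport))
            return "ACCEPT"
        # Inbound: accept only the exact mirror of a tracked flow ...
        if (proto, dst, dport, src, sport) in self.state:
            return "ACCEPT"
        # ... or traffic to a port explicitly opened for a listening service.
        if (proto, dst, dport) in self.inbound_allow:
            return "ACCEPT"
        return "DROP"


def demo():
    fw = StatefulFirewall()
    fw.inbound_allow.add(("tcp", "10.0.0.20", 443))   # one listening service
    return [
        fw.handle("tcp", "198.51.100.7", 443, "10.0.0.5", 50000),  # unsolicited inbound
        fw.handle("tcp", "10.0.0.5", 50000, "198.51.100.7", 443),  # client reaches out
        fw.handle("tcp", "198.51.100.7", 443, "10.0.0.5", 50000),  # reply to that flow
        fw.handle("tcp", "203.0.113.9", 443, "10.0.0.5", 50000),   # different remote host
        fw.handle("tcp", "203.0.113.9", 40000, "10.0.0.20", 443),  # to the opened port
        fw.handle("tcp", "203.0.113.9", 40000, "10.0.0.20", 22),   # port never opened
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The state entry admits only the mirrored 5-tuple, so the fewer outbound flows and opened ports there are, the smaller the set of packets that can reach the inside.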