I am writing an article about servers within a LAN, and the importance of installing a firewall. I found myself wondering though what it is that a firewall actually blocks. I get that they obviously block connections to ports, but if there is nothing listening on that port, what is the risk? Take for instance a LAN-based web server with services (SSH & HTTP) listening on ports 22 and 80. What additional protection is the firewall offering by blocking connections to all other ports if there is nothing listening on those ports?
It all depends on your rules. I block everything by default, so I allow only DNS requests to my preset DNS, which prevents DNS hijacking. By default, I allow ports 80/443; if my browser wants to access various ports for video and downloads, it gets blocked, unless I allow it. You can get even more restrictive if you allow only specific IPs or IP ranges for those, to prevent unauthorized access.
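One way to express the default-deny policy the answer describes, applied to the LAN web server from the question (SSH on 22, HTTP on 80), as an added example that is not part of the thread: a bash script that emits an nftables ruleset. The addresses (192.168.1.0/24 as the management range, 192.168.1.1 and 9.9.9.9 as the only permitted resolvers) and the helper names `build_ruleset` and `count_accepts` are assumptions chosen for illustration, not anything the poster described.

```shell
#!/usr/bin/env bash
# Added example, not from the thread: build a default-deny nftables ruleset
# for a LAN web server exposing only SSH (22) and HTTP (80), following the
# answer's approach: drop everything by default, allow DNS only to preset
# resolvers, allow outbound 80/443, and restrict SSH to a management range.
# All addresses below are constructed placeholders; adjust for your LAN.
set -eu

MGMT_NET="${MGMT_NET:-192.168.1.0/24}"               # assumed: hosts allowed to reach SSH
DNS_SERVERS="${DNS_SERVERS:-192.168.1.1, 9.9.9.9}"   # assumed: the only resolvers we will query

# Emit the ruleset text. Comments starting with '#' are valid inside nft files.
build_ruleset() {
  cat <<EOF
flush ruleset
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ct state established,related accept
        ct state invalid drop
        ip protocol icmp accept
        ip6 nexthdr icmpv6 accept
        # Only the two listening services are reachable; SSH only from the management range.
        tcp dport 80 accept
        ip saddr ${MGMT_NET} tcp dport 22 accept
        # Anything else, including a service that starts listening later, is dropped by policy.
    }
    chain output {
        type filter hook output priority 0; policy drop;
        oif "lo" accept
        ct state established,related accept
        # DNS only to the preset resolvers, so a tampered resolv.conf cannot redirect lookups.
        ip daddr { ${DNS_SERVERS} } udp dport 53 accept
        ip daddr { ${DNS_SERVERS} } tcp dport 53 accept
        # Outbound web only; any other connection the box tries to open is logged, then dropped.
        tcp dport { 80, 443 } accept
        log prefix "egress-drop: " drop
    }
}
EOF
}

# Number of accept rules in the generated ruleset, for a quick sanity check
# without applying anything.
count_accepts() { build_ruleset | grep -c ' accept$'; }

case "${1:-}" in
  --check) build_ruleset | nft -c -f - ;;   # syntax check only, needs nft installed
  --apply) build_ruleset | nft -f - ;;      # load the ruleset, needs root
  *)       build_ruleset ;;                 # default: print the ruleset
esac
```

Run it without arguments to inspect the rules, with `--check` to have nft validate the syntax, and with `--apply` as root to load them. The point the question raises is visible in the input chain: a closed port would already refuse connections on its own, but `policy drop` also covers ports that start listening later (a misconfigured service, or something an intruder binds), and the source restriction on 22 limits who can even attempt SSH. The output chain is the part a listening-port argument misses entirely: it decides what the server itself is allowed to reach.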