Firewall pinhole

Leaving ports open in firewall configurations exposes the protected system to potentially malicious abuse.

For protection, the mechanism for opening a pinhole in the firewall should implement user validation and authorization.

For firewalls performing a network address translation (NAT) function, the mapping between the external socket (IP address and port) and the internal socket (IP address and port) is often called a pinhole.

Firewalls sometimes automatically close pinholes after a period of time (typically a few minutes) to minimize the security exposure.

Applications that require a pinhole to be kept open often need to generate artificial traffic through the pinhole in order to cause the firewall to restart its timer.
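The timer behaviour described above can be modelled in a few lines. The following is an added example, not code from any firewall product: the `PinholeTable` class, the 120-second idle timeout, the port numbering and the addresses are all constructed assumptions, and the model assumes only outbound packets restart the timer.

```python
from dataclasses import dataclass, field

@dataclass
class PinholeTable:
    """Toy NAT firewall: external socket -> [internal socket, last_seen]."""
    external_ip: str
    idle_timeout: float              # seconds of silence before a pinhole closes
    next_port: int = 40000           # constructed starting port for new mappings
    pinholes: dict = field(default_factory=dict)

    def _expire(self, now):
        # Close every pinhole that has been idle for the full timeout.
        for ext, (_, last_seen) in list(self.pinholes.items()):
            if now - last_seen >= self.idle_timeout:
                del self.pinholes[ext]

    def outbound(self, internal, now):
        """Internal host sends a packet: open a pinhole or restart its timer."""
        self._expire(now)
        for ext, entry in self.pinholes.items():
            if entry[0] == internal:
                entry[1] = now       # timer restarted by the traffic
                return ext
        ext = (self.external_ip, self.next_port)
        self.next_port += 1
        self.pinholes[ext] = [internal, now]
        return ext

    def inbound(self, ext, now):
        """Packet from outside: forwarded only if the pinhole is still open."""
        self._expire(now)
        entry = self.pinholes.get(ext)
        return entry[0] if entry else None


def reachable_after(keepalive_interval, idle_timeout=120.0, duration=600.0):
    """True if an inbound packet at `duration` still reaches the internal host."""
    fw = PinholeTable("203.0.113.1", idle_timeout)    # constructed addresses
    internal = ("192.168.1.10", 5060)
    ext = fw.outbound(internal, now=0.0)              # first packet opens the pinhole
    t = keepalive_interval
    while keepalive_interval and t < duration:
        fw.outbound(internal, now=t)                  # artificial keepalive traffic
        t += keepalive_interval
    return fw.inbound(ext, now=duration) == internal
```

With a keepalive interval shorter than the timeout the original mapping survives; with a longer interval, or none, the pinhole closes and a later outbound packet gets a new external port, so the peer's old mapping no longer works.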