Firewall really necessary?

eliott eliott at
Mon Apr 14 05:22:16 MSD 2008

On 4/12/08, dchapiesky at <dchapiesky at> wrote:
> In my humble opinion...
> It is always best to have a firewall between you and the outside world.  In
> some circumstances, two firewalls back to back is even better (make sure the
> two are from different manufacturers...)
> The folks at work on tools which exploit open
> ports and even with so few ports available, your system could be used as a
> "zombie" tool by malicious people.
> So, put a firewall in, or install some kind of syslog filter/analyser which
> will at least notify you of weird things going on...
> Daniel

pf, for instance, also has the ability to 'scrub' packets (normalize
them) before they are handed up to the rest of the stack.

More information about the nginx mailing list