Firewall really necessary?

Cliff Wells cliff at
Mon Apr 14 08:56:59 MSD 2008

On Sun, 2008-04-13 at 18:22 -0700, eliott wrote:
> On 4/12/08, dchapiesky at <dchapiesky at> wrote:
> >
> >
> > In my humble opinion...
> >
> > It is always best to have a firewall between you and the outside world.  In
> > some circumstances, two firewalls back to back is even better (make sure the
> > two are from different manufacturers...)
> >
> > The folks at work on tools which exploit open
> > ports and even with so few ports available, your system could be used as a
> > "zombie" tool by malicious people.
> >
> > So, put a firewall in, or install some kind of syslog filter/analyser which
> > will at least notify you of weird things going on...
> >
> > Daniel
> pf, for instance, also has the ability to 'scrub' packets (normalize
> them) before they are handed up to the rest of the stack.

pfsense is really amazing, if you can afford to put in a separate box.
I'm not a huge BSD fan, but there's nothing like it on Linux (or
anywhere else for that matter)


More information about the nginx mailing list