Firewall really necessary?
Cliff Wells
cliff at develix.com
Mon Apr 14 08:56:59 MSD 2008
On Sun, 2008-04-13 at 18:22 -0700, eliott wrote:
> On 4/12/08, dchapiesky at juno.com <dchapiesky at juno.com> wrote:
> >
> >
> > In my humble opinion...
> >
> > It is always best to have a firewall between you and the outside world. In
> > some circumstances, two firewalls back to back is even better (make sure the
> > two are from different manufacturers...)
> >
> > The folks at http://www.metasploit.com/ work on tools which exploit open
> > ports and even with so few ports available, your system could be used as a
> > "zombie" tool by malicious people.
> >
> > So, put a firewall in, or install some kind of syslog filter/analyser which
> > will at least notify you of weird things going on...
> >
> > Daniel
>
> pf, for instance, also has the ability to 'scrub' packets (normalize
> them) before they are handed up to the rest of the stack.
pfsense is really amazing, if you can afford to put in a separate box.
I'm not a huge BSD fan, but there's nothing like it on Linux (or
anywhere else for that matter)
Regards,
Cliff
More information about the nginx
mailing list