Firewall really necessary?
eliott
eliott at cactuswax.net
Mon Apr 14 09:30:11 MSD 2008
On 4/13/08, Cliff Wells <cliff at develix.com> wrote:
>
> On Sun, 2008-04-13 at 18:22 -0700, eliott wrote:
> > On 4/12/08, dchapiesky at juno.com <dchapiesky at juno.com> wrote:
> > >
> > >
> > > In my humble opinion...
> > >
> > > It is always best to have a firewall between you and the outside world. In
> > > some circumstances, two firewalls back to back is even better (make sure the
> > > two are from different manufacturers...)
> > >
> > > The folks at http://www.metasploit.com/ work on tools which exploit open
> > > ports and even with so few ports available, your system could be used as a
> > > "zombie" tool by malicious people.
> > >
> > > So, put a firewall in, or install some kind of syslog filter/analyser which
> > > will at least notify you of weird things going on...
> > >
> > > Daniel
> >
> > pf, for instance, also has the ability to 'scrub' packets (normalize
> > them) before they are handed up to the rest of the stack.
>
>
> pfsense is really amazing, if you can afford to put in a separate box.
> I'm not a huge BSD fan, but there's nothing like it on Linux (or
> anywhere else for that matter)

The original thread post mentioned FreeBSD, and pf has been ported
from OpenBSD to FreeBSD for a while now.

For the record, I think pfsense is also *very* cool, and utilizes pf
'under the hood'.