Firewall really necessary?

eliott eliott at cactuswax.net
Mon Apr 14 09:30:11 MSD 2008


On 4/13/08, Cliff Wells <cliff at develix.com> wrote:
>
>  On Sun, 2008-04-13 at 18:22 -0700, eliott wrote:
>  > On 4/12/08, dchapiesky at juno.com <dchapiesky at juno.com> wrote:
>  > >
>  > >
>  > > In my humble opinion...
>  > >
>  > > It is always best to have a firewall between you and the outside world.  In
>  > > some circumstances, two firewalls back to back is even better (make sure the
>  > > two are from different manufacturers...)
>  > >
>  > > The folks at http://www.metasploit.com/ work on tools which exploit open
>  > > ports and even with so few ports available, your system could be used as a
>  > > "zombie" tool by malicious people.
>  > >
>  > > So, put a firewall in, or install some kind of syslog filter/analyser which
>  > > will at least notify you of weird things going on...
>  > >
>  > > Daniel
>  >
>  > pf, for instance, also has the ability to 'scrub' packets (normalize
>  > them) before they are handed up to the rest of the stack.
>
>
> pfSense is really amazing, if you can afford to put in a separate box.
>  I'm not a huge BSD fan, but there's nothing like it on Linux (or
>  anywhere else for that matter)

The original thread post mentioned FreeBSD, and pf has been ported
from OpenBSD to FreeBSD for a while now.

For the record, I think pfSense is also *very* cool, and utilizes pf
'under the hood'.





More information about the nginx mailing list