[BUGS] firewalls

[harry]

Hullo Glenn,

On Sat, 2007-12-22 at 13:51 +1100, Glenn wrote:
> Hi,
> at home I have a DSLG604 ADSL router with built in fire wall. The fire wall is configured to allow all traffic out and no traffic in. 
> My workstation (FBSD 6.2) does not run a firewall and I'm wondering if I should.
> 

Probably a "good idea".

> Other machines on the network run Windows and have a firewall enabled so I

this is definitely a "good idea" - as long as it's not that p.o.j.
"Windows Firewall".

> guess I'm feeling a bit "naked".

* hands Glenn a towel to cover his (small) nakedidity

> 
> Do I really need one and if yes would pf be a good choice?

Again - do you "need" one? Probably. If only to protect your machine
when (not if) your MSWin machines get attacked. 'pf' is a perfectly good
choice - in the packages (or is it 'ports'?) somewhere. Can I also
suggest the use of something like Firewall Builder to construct your
rule-set. I am a "command Line Nazi" - but am also aware that there are
times when "getting it right" outweighs any 'philosophical' antipathy to
gui-tools :')

So, what are the 'risks' involved? Your FreeBSD machine being
compromised - minimal. The MSWindows machines being compromised - higher
(much higher). Your MSWindows machines are already 'risk reduced' - it
won't "cause any harm" to protect your FBSD machine, and you never know,
it may one day help.

It's all about being a good netizen. I run Antivirus on my *IX
machine(s), not because I expect to pick up a nasty, but in order to
trap any before they are passed on to vulnerable (read "ms windows")
machines. I also run AV / FW and anti-spyware on my MSWin machines.

It's called "Defence in Depth".

here endeth the lesson.

Have a Merry Christmas one and all,

Harry

> 
> Glenno,
> Sydney.
> 
> _______________________________________________
> BUGS mailing list
> BUGS at bugs.au.freebsd.org
> http://mailman.barnet.com.au/mailman/listinfo/bugs

-- 
harry [at] woodward-clarke [dot] com
imago Dei in quolibet hominé inveniartur