[BUGS] firewalls
harry
harry at woodward-clarke.com
Sat Dec 22 15:31:42 EST 2007
Hullo Glenn,
On Sat, 2007-12-22 at 13:51 +1100, Glenn wrote:
> Hi,
> at home I have a DSLG604 ADSL router with built-in firewall. The firewall is configured to allow all traffic out and no traffic in.
> My workstation (FBSD 6.2) does not run a firewall and I'm wondering if I should.
>
Probably a "good idea".
> Other machines on the network run Windows and have a firewall enabled so I
this is definitely a "good idea" - as long as it's not that p.o.j.
"Windows Firewall".
> guess I'm feeling a bit "naked".
* hands Glenn a towel to cover his (small) nakedidity
>
> Do I really need one and if yes would pf be a good choice?
Again - do you "need" one? Probably. If only to protect your machine
when (not if) your MSWin machines get attacked. 'pf' is a perfectly good
choice - in the packages (or is it 'ports'?) somewhere. Can I also
suggest the use of something like Firewall Builder to construct your
rule-set. I am a "command Line Nazi" - but am also aware that there are
times when "getting it right" outweighs any 'philosophical' antipathy to
gui-tools :')

So, what are the 'risks' involved? Your FreeBSD machine being
compromised - minimal. The MSWindows machines being compromised - higher
(much higher). Your MSWindows machines are already 'risk reduced' - it
won't "cause any harm" to protect your FBSD machine, and you never know,
it may one day help.

It's all about being a good netizen. I run Antivirus on my *IX
machine(s), not because I expect to pick up a nasty, but in order to
trap any before they are passed on to vulnerable (read "ms windows")
machines. I also run AV / FW and anti-spyware on my MSWin machines.
It's called "Defence in Depth".

here endeth the lesson.

Have a Merry Christmas one and all,

Harry
>
> Glenno,
> Sydney.
--
harry [at] woodward-clarke [dot] com
imago Dei in quolibet hominé inveniartur