[BUGS] firewalls

Dean Hamstead dean at fragfest.com.au
Sat Dec 22 15:20:17 EST 2007


Software firewalls really just stop rogue processes from opening ports
up, maybe adding in some clever flooding protections etc. (which in open
source land are usually in the kernel anyway).

So a 'firewall' in open source is really just configuring your packet
filtering to drop or accept packets in the kernel. So even if something
does run and open a port, the kernel (or TCP/IP stack if you like) will
know better.

It's not a bad thing to configure pf properly; the downside is you will
fire up something and be cursing yourself wondering why you can't connect
to it (like, say, apache or samba or something) only to realise you
need to add in its ports.

If you audit which ports are open, then you will have a very similar
effect as just 'blindly' allowing ports you want, as those ports won't
be open.

So closing everything up is good practice, but a careful audit
has much of the same results.

This may be considered bad advice, but I would consider not knowing
what is supposed to be running on your machine to be just as inadvisable!

Dean

Glenn wrote:
> Hi,
> at home I have a DSLG604 ADSL router with built in fire wall. The fire wall is configured to allow all traffic out and no traffic in. 
> My workstation (FBSD 6.2) does not run a firewall and I'm wondering if I should.
> 
> Other machines on the network run Windows and have a firewall enabled so I
> guess I'm feeling a bit "naked".
> 
> Do I really need one and if yes would pf be a good choice?
> 
> Glenno,
> Sydney.
> 
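A pf ruleset of the kind Dean describes (drop everything inbound by default, then explicitly open the ports your audit says should be listening), written as an added example for this thread rather than taken from either poster. The interface name, LAN range and the choice of services to expose (sshd, apache, samba) are assumptions.

```pf
# /etc/pf.conf (example ruleset, not from the original posts)
# Default-deny inbound, allow outbound, then pass only audited services.
ext_if = "re0"                  # assumption: workstation's LAN interface
lan    = "192.168.1.0/24"       # assumption: home network behind the DSL router
tcp_services = "{ 22, 80 }"     # assumption: sshd and apache are meant to listen
smb_tcp      = "{ 139, 445 }"   # samba over TCP, LAN only
smb_udp      = "{ 137, 138 }"   # NetBIOS name/datagram service, LAN only

set skip on lo0                 # never filter loopback
scrub in all                    # normalise fragments before filtering

# Default policy: silently drop everything inbound, allow everything outbound.
# Replies to outbound connections return via the state table, not via a rule.
block in all
pass out quick on $ext_if keep state

# Log what gets blocked on the LAN interface, so a "why can't I connect
# to apache/samba" moment shows up on pflog0 instead of being a mystery.
block in log on $ext_if

# Inbound services. Anything not listed here is dropped by the kernel even
# if the daemon is running; this is the step Dean says people forget.
pass in on $ext_if proto tcp from $lan to ($ext_if) port $tcp_services flags S/SA keep state
pass in on $ext_if proto tcp from $lan to ($ext_if) port $smb_tcp flags S/SA keep state
pass in on $ext_if proto udp from $lan to ($ext_if) port $smb_udp keep state

# Allow ping from the LAN for troubleshooting.
pass in on $ext_if inet proto icmp from $lan icmp-type echoreq keep state
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`, and compare the pass rules against what `sockstat -4l` reports as actually listening: the two lists should agree, which is the audit Dean is talking about.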

