05-10-2008, 02:01 PM
jpd
 
Re: A Few Noob Questions.

On Fri, 9 May 2008 04:48:43 +0200 (CEST),
Joachim Schipper <jdNoOtSPAMschipper@math.uu.nl> wrote:
>> I'm behind a router and the "Shields Up" test shows no open ports.
>> Do I still need PF?

>
> No, you almost never need pf unless you are building a firewall. (Not
> a ZoneAlarm-style "host-based firewall" - a real firewall.)


Just to clarify: on a certain not to be taken seriously but despite
that widely (ab)used software platform, it turns out to be quite hard
to turn off unwanted services. Doing so anyway can cause all sorts of
side effects and nagging popups with conflicting messages, so the poor
uneducated user usually is beaten into not securing his machine.

``Firewalls'' have been touted as a solve-all for this. They're not, of
course, as the poor reporting and (again) uneducated user cause ``GWF''
syndrome. (Look up the ``GWF'' term. We've seen a few here also.)

Most modern unices are fine without a firewall, as long as you take care
and you know what you're doing.

There may still be reasons to use kernel level packet filtering, but it
is not a sine qua non of connecting a unix to the network. In fact, if
you have a working firewall configured ``in front'' of your machine,
it becomes desirable to not need yet another firewall due to the extra
maintenance.


--
j p d (at) d s b (dot) t u d e l f t (dot) n l .
This message was originally posted on Usenet in plain text.
Any other representation, additions, or changes do not have my
consent and may be a violation of international copyright law.