From owner-freebsd-questions  Tue Nov 19  1:15:27 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id B0DD137B401
	for <freebsd-questions@FreeBSD.ORG>; Tue, 19 Nov 2002 01:15:26 -0800 (PST)
Received: from mail.silverwraith.com (apple.silverwraith.com [212.25.240.44])
	by mx1.FreeBSD.org (Postfix) with SMTP id 43DF443E97
	for <freebsd-questions@FreeBSD.ORG>; Tue, 19 Nov 2002 01:15:24 -0800 (PST)
	(envelope-from lists-freebsd@silverwraith.com)
Received: (qmail 2844 invoked by uid 1000); 19 Nov 2002 09:15:22 -0000
Received: from localhost (sendmail-bs@127.0.0.1)
  by localhost with SMTP; 19 Nov 2002 09:15:22 -0000
Date: Tue, 19 Nov 2002 09:15:22 +0000 (GMT)
From: Avleen Vig <lists-freebsd@silverwraith.com>
X-X-Sender: avleen@apple.silverwraith.com
To: Pierrick Brossin <pbrossin@swissgeeks.com>
Cc: Giorgos Keramidas <keramida@ceid.upatras.gr>,
	Greg 'groggy' Lehey <grog@FreeBSD.ORG>,
	"freebsd-questions@FreeBSD.ORG" <freebsd-questions@FreeBSD.ORG>
Subject: Re: FreeBSD Easy Server
In-Reply-To: <1037693245.3dd9f13d570f2@www.swissgeeks.com>
Message-ID: <20021119090804.T53207-100000@apple.silverwraith.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

On Tue, 19 Nov 2002, Pierrick Brossin wrote:

> > Then don't enable one.  A badly configured firewall is arguably worse
> > than no firewall at all.
> wow no firewall is such a nice idea.
> just kidding.. your server is then open to anyone.

Errrr..
The only real benefits you get from a firewall are:
1) controlling which IP addresses can access a service
2) *maybe* bandwidth shaping. *maybe*.
3) packet re-writing.

3) is one of the least used in my experience (having worked as a security
officer for several years).
2) arguable whether this is part of your filtering firewall or the routing
mechanism within the firewall.
1) Unless you're running a service that you want to restrict the service
to specific IP's, and that applications doesn't understand TCP wrappers,
this doesn't help.

'man blackhole' too


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message