> I never said that. PF isn't the only way to block packets, like TCP > wrappers or ACL's within the server itself.
That is horse shit, and shows that you don't know how actual code works. I prefer to filter problems BEFORE THE ACTUAL CODE RUNS. Perhaps you don't know what a pre-authentication bug is. > It seems that adding > another layer to the mix takes up more CPU and RAM than needed, since > most servers have some sort of ACL list for acceptable hosts, and tcp > wrappers does a good job too. More horshit. It uses LESS memory and cpu than all that TCP filters, and actually making the application wake up and decide that it does not want a connection. You are 100% wrong.