Dave Watts wrote:
>>>Nope. That's what external firewalls are for. My approach
>>>to host-based security is generally just to disallow as
>>>much traffic as I can; I don't know what kind of performance
>>>hit you'd take with doing that on each host, and I don't
>>>want to find out.
>>
>>Why not? If you don't know what is possible, you don't know
>>what to ask from your software vendor. And depending on chosen
>>software it doesn't have to be that much at all:
>>http://www.netsys.com/openbsd-misc/2002/04/msg00304.html
>
> I had no idea you could run pf on Windows. Now that is a success story!

That would indeed be a success story :) But the point is that I really don't understand why you wouldn't want to know what the performance hit is. How can you make an informed decision (not) to do stateful filtering, if you don't even know that?

I would love to have something like pf included with Windows. I even asked MS to enhance the standard firewall to be able to recognize flags and maintain state. Surely something Microsoft would want to do when spearheading a trustworthy computing initiative [1], wouldn't they? Of course it would conflict with certain other interests, all the nice "phone home" options [2] would be blocked by any decent ruleset for instance, but that is not my problem. I look around for features in other OSes that are worthwhile and ask MS to implement them as well (like a webserver that can run under some other account as "system" or a decent packet filter).

Get the right tool for the job. And if there is no right tool, file bug reports and enhancement requests until they make the right tool.

[1] http://www.microsoft.com/presspass/features/2002/feb02/02-20mundieqa.asp
[2] http://www.theregister.co.uk/content/4/24815.html

Jochem

