Supote Leelasupphakorn wrote:
Hi, all

So far, I known firewall is a choice when I want to protect my boxes from crackers but my question is
if I closed the service I don't use (such as port 25
for STMP) so the cracker out there can't attack,
what's the reason "firewall" come to play ?

First off, you don't have to use a firewall. It's your machine, do whatever you want.

Hypothetical example:  Some jerk suddenly starts DoSing
your server (like SQL slammer, or anything similar) if
you already have a firewall setup, you can quickly and
easily add a rule to block the attacked port and reduce
the dameage.

Example #2: Employees are playing Internet games while
they should be working.  You can quickly add a rule to
prevent the game traffic from working.  You can even
do like I did for a client and add a cron job that allows
them to play games during lunch only.

Example #3: You want to keep an individual employee from
hogging all the network bandwidth.  Set up dummynet rules
to keep things flowing.

Even if you have no _need_ for a firewall, it can be
useful.  If you can't think of anything to block, I'd
just set it up with the "open" ruleset for now.  If the
time comes when you need to add a rule you can do so in
just a minute or so, as opposed to configuring the whole
firewall.

--
Bill Moran
Potential Technologies
http://www.potentialtech.com

_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to