On Wed, Mar 4, 2009 at 09:30, Vick Khera <vi...@khera.org> wrote: > What threats are you defending against? The firewall will not protect > you against application flaws such as cross site scripting and SQL > injection attacks.
I agree, but given the context and content (no disrespect intended either), I'm not sure Raleigh knows what he's looking for or what he's defending against. Raleigh: the most basic form of firewalling today is precisely what you stated - packet filtering. Firewalls in this category (pfSense included) filter at OSI layers 2-4, meaning they don't get any deeper into the packet than IP and port number. This defends against basic attacks & reconnaissance including some DoS, address spoofing, port scanning, and so on. pfSense also adds load balancing, VPN termination, and other border services as well. If, as Ben & Vick have asked, you are interested in application-level filtering (SQL injection, XSS, and other "layer 7" attacks), you'll need to look at something more like a reverse proxy running mod_security - pfSense does not offer application-level filters. RB --------------------------------------------------------------------- To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org