From: Bill Moran <wmoran@potentialtech.com>
Date: Tue, 24 Jun 2003 10:51:22 -0400
To: Supote Leelasupphakorn
cc: freebsd-questions@freebsd.org
Subject: Re: Why must I use firewall ?
Message-ID: <3EF8656A.4060702@potentialtech.com>
In-Reply-To: <20030624110547.12094.qmail@web40614.mail.yahoo.com>

Supote Leelasupphakorn wrote:
> Hi, all
>
> So far, I know firewall is a choice when I want
> to protect my boxes from crackers but my question is
> if I closed the service I don't use (such as port 25
> for SMTP) so the cracker out there can't attack,
> what's the reason "firewall" come to play ?

First off, you don't have to use a firewall. It's your machine, do whatever you want.
Hypothetical example: Some jerk suddenly starts DoSing your server (like SQL Slammer, or anything similar). If you already have a firewall set up, you can quickly and easily add a rule to block the attacked port and reduce the damage.

Example #2: Employees are playing Internet games while they should be working. You can quickly add a rule to prevent the game traffic from working. You can even do like I did for a client and add a cron job that allows them to play games during lunch only.

Example #3: You want to keep an individual employee from hogging all the network bandwidth. Set up dummynet rules to keep things flowing.

Even if you have no _need_ for a firewall, it can be useful. If you can't think of anything to block, I'd just set it up with the "open" ruleset for now. If the time comes when you need to add a rule you can do so in just a minute or so, as opposed to configuring the whole firewall.

--
Bill Moran
Potential Technologies
http://www.potentialtech.com
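The three rule types Bill describes (an emergency port block, a lunch-only allow rule driven by cron, and a dummynet bandwidth cap) as an added ipfw(8) example that is not part of the original post; the rule numbers, the 12:00-13:00 window, the script path and the sample host are assumptions, and by default the helpers only print the commands they would run.

```shell
#!/bin/sh
# Added example, not from the original post. Builds the ipfw(8) rules the
# reply describes. Rule numbers, lunch window and sample host are assumptions.
# IPFW defaults to a dry run that prints commands; set IPFW=/sbin/ipfw on a
# FreeBSD box to apply them for real.
IPFW="${IPFW:-echo /sbin/ipfw}"

# Example 1: drop traffic to a port that is being hammered. A reserved rule
# number keeps the emergency rule easy to find and to remove afterwards.
block_port() {   # usage: block_port <proto> <port>
    $IPFW add 1000 deny "$1" from any to me "$2"
}
unblock_port() {
    $IPFW delete 1000
}

# Example 2: allow a game's port only during lunch. The crontab lines below
# call this script with "allow" at 12:00 and "deny" at 13:00 on weekdays.
allow_games() {  # usage: allow_games <proto> <port>
    $IPFW add 2000 allow "$1" from any to any "$2"
}
deny_games() {
    $IPFW delete 2000
}
lunch_crontab() {  # usage: lunch_crontab <script-path> <proto> <port>
    printf '%s\n' \
      "0 12 * * 1-5 $1 allow $2 $3" \
      "0 13 * * 1-5 $1 deny $2 $3"
}

# Example 3: dummynet pipe capping one host's bandwidth in both directions.
limit_host() {   # usage: limit_host <ip> <bandwidth, e.g. 512Kbit/s>
    $IPFW pipe 1 config bw "$2"
    $IPFW add 3000 pipe 1 ip from "$1" to any
    $IPFW add 3001 pipe 1 ip from any to "$1"
}

# Entry point used by the cron lines: games.sh allow|deny <proto> <port>
case "${1:-}" in
    allow) allow_games "$2" "$3" ;;
    deny)  deny_games ;;
esac
```

Install the emitted crontab lines with crontab(1) for root, and keep the rule numbers clear of whatever your base ruleset (for example the "open" one from rc.firewall) already uses.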