On Wednesday 19 March 2003 01:07 pm, Ian Garrison wrote: > Imo iptables is a reasonably good stateful firewall and is fine in most > cases. However, a very wise person once said that the ideal setup is to > layer more than one implementation of packet filter and firewall between > the wild and a host/network you wish to protect. Ideally implementations > on diverse platforms.
Just remember, that when you do this, you are introducing an additional point of failure for each device in the chain. Some people like to keep these at a minimum, especially in the 'revenue-generating' environments you describe. - Keegan