> Secondly, it seems pretty pointless to set up pf on a single host.

  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

That is the most ridiculous thing I've heard all day.  Lots of people
run servers and must block them, on the same machine.  Probably every
single one of us.

> Instead of worrying about the
> firewall, which takes up more memory and CPU and all that, just shut
> off services that you don't need and be done with it. If the attacker
> can hurt your OpenBSD machine, then your firewall is vulnerable as
> well, and it won't protect any applications that need open ports
> listening. Turning off services is always much better than turning on
> services (pf) if you need protection. And the way OpenBSD is set up by
> default, nothing is listening except a couple inetd services (which I
> always turn off), and sshd if you said y in install, that's it.

Anyone who says "I only need to block packets in my firewall" has got
it all wrong.
