On 19-02-2015 01:12, Eric Furman wrote: > A firewall should be a firewall. Period. > It's your first line of defense against attack. > Each and every additional thing you run on it just > makes it that much more vulnerable to attack. Of course it does. But since not all of us have the budget for this kind of setup, I believe this trade-off is an acceptable one, if you understand the risks. Also, there are some things you can't do if you run the services on a separate machine such as divert(4).
Cheers, Giancarlo Razzolini