At 5/6/2002 01:05 AM -0500, you wrote:

> 1) If the firewall box goes down, the entire system goes down.

Not if *each* box has iptables or ipchains running.

> 2) I had a leased server that was behind a firewall. It frequently was a pain to deal with.

Not if the firewall is properly set up.

> 3) Until recently I haven't needed to.

Correction; you were unaware of the need, thus got hacked. You have "needed" that firewall for a long time... you were just lucky no one else found you and hacked you earlier.

> 4) Putting in a firewall doesn't guarantee that you won't be hacked. The first time I was hacked the box in question was behind a firewall. The jerk was still able to gain root access.

The firewall blocks connections you don't want to receive. If you allow port 80 traffic to your webserver, and your webserver is vulnerable, then you'll still be hacked. The firewall is one excellent line of defense but it's certainly no magic shield that will protect you from everything. What you need (no offense) is significantly more education about your own security and how to protect yourself. Don't blame the firewall.

> 5) Having a tight firewall is like living in a fenced in yard. No one can get in, but you can't get out. I have no desire to live on an island.

Clearly you haven't seen the MASQUERADE feature in iptables; I can do *ANYTHING* from the inside to the outside, and the firewall is completely transparent to me. Bitch for someone to get in, though.

Again my same point: you need to learn a great deal more. Your biggest weakness right now is your lack of knowledge and the assumptions you make due to that lack of knowledge. I'm not calling you an idiot here... I'm saying there is knowledge you do not have, and that what you don't know *is* hurting you.

--
Rodolfo J. Paiz
[EMAIL PROTECTED]
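The setup this reply describes (inbound closed by default, port 80 open to a web server on the firewall host, inside hosts masqueraded to the outside), sketched as an added example in iptables-restore format. It is not part of the original message; the interface names eth0 (outside) and eth1 (inside) are assumptions.

```iptables
# Constructed example ruleset; load with: iptables-restore < this-file
# Assumed interfaces: eth0 = outside (Internet), eth1 = inside (LAN).
# Forwarding must also be enabled: sysctl net.ipv4.ip_forward=1

*filter
# Default policy: drop anything inbound or forwarded that no rule allows.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]

# Loopback and replies to connections this host opened itself.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# Point 4: port 80 is deliberately open. The firewall passes this traffic
# unchanged, so a vulnerable web server is still exposed through this rule.
# Patching the service is a separate control from the packet filter.
-A INPUT -i eth0 -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT

# Point 5: inside hosts may open any connection outward...
-A FORWARD -i eth1 -o eth0 -j ACCEPT
# ...and only replies to those connections are let back in.
-A FORWARD -i eth0 -o eth1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# Log what falls through to the DROP policy so probes are visible.
-A INPUT -i eth0 -m limit --limit 5/min -j LOG --log-prefix "fw-drop-in: "
COMMIT

*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]

# MASQUERADE: rewrite the source address of outbound inside traffic to
# the firewall's outside address, so the firewall is transparent from
# the inside while unsolicited inbound connections have no path in.
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
```

For point 1, the same `*filter` INPUT rules (without the FORWARD and `*nat` sections) can run on each server, so host-level filtering does not depend on a single firewall box.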