> Because if you are allowing port 80 through on your firewall and the > web server is badly or insecurely configured then exploits like > MSADC.pl can be used with ease against your web server.
This is a very important point here that Trevor has made. Your "standard" packet filtering firewall can only protect those services which you don't wish to expose to the Internet. I say "standard" because you can use something like hogwash to scrub out any malicious packets at your firewall. At this point though, it may not be considered a packet filtering firewall anymore. Steve
