Comments on 'Security without firewalls'

Debian Administration has an article up about the usefulness of firewalls. Are they really necessary? If you consider a firewall as just a non-stateful, layer-3 packet filter, then I would agree they are not very useful.

However, modern firewalls can do all sorts of useful filtering that helps protect a public application from compromise: stateful fragment reassembly, packet normalization, and rate limiting come to mind. Outbound filtering can also be useful in the event of an internal compromise, or just as a spam-buster (allowing outbound SMTP traffic only to a mail relay with authentication).
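As an added illustration (not taken from this post or from the Debian Administration article), here is a host-based nftables ruleset that combines stateful filtering, a few TCP sanity checks, rate limiting, and relay-only outbound SMTP. The relay address `192.0.2.25` (a documentation address), the served ports, and the rate values are assumptions, and the relay is assumed to require SMTP authentication on port 587.

```nft
#!/usr/sbin/nft -f
# Constructed example: relay address, service ports and rate values are assumptions.
# "flush ruleset" replaces whatever rules are currently loaded.
flush ruleset

define MAIL_RELAY = 192.0.2.25

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;

        iif "lo" accept

        # Sanity checks on TCP flags (a small subset of what a packet normalizer does).
        tcp flags & (fin|syn) == (fin|syn) drop
        tcp flags & (syn|rst) == (syn|rst) drop
        tcp flags & (fin|syn|rst|psh|ack|urg) == 0x0 drop

        # Stateful filtering. Using conntrack also enables kernel defragmentation,
        # so fragments are reassembled before this chain sees them.
        ct state invalid drop
        ct state established,related accept

        # ICMP/ICMPv6 are needed for path MTU discovery and IPv6 neighbour discovery.
        meta l4proto { icmp, ipv6-icmp } accept

        # Rate limiting: drop new connections to the public service above the limit.
        tcp dport { 80, 443 } ct state new limit rate over 50/second burst 100 packets counter drop
        tcp dport { 80, 443 } ct state new accept
    }

    chain output {
        type filter hook output priority 0; policy accept;

        # Outbound SMTP is allowed only to the relay's submission port;
        # any other mail traffic is logged and dropped.
        ip daddr $MAIL_RELAY tcp dport 587 accept
        tcp dport { 25, 465, 587 } log prefix "smtp-egress-denied: " counter drop
    }
}
```

Running `nft -c -f` on the file checks the syntax without loading the rules.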

