I totally agree that firewalls are not a panacea, and also that its more important to not open ports that you don't have to. I don't run any kind of services like ssh or ftp, I don't even run inetd or anything like it. There are no ports open! The only open ports are outgoing and related answers incoming. One thing that linux distros have traditionally had backwards is turning everything on by default, including all kinds of port access. The first thing I do whenever installing is make sure no services are running that open ports, and that only what I need is running, period. Having said that, a basic firewall is still important for its drop packets functionality. You do not want any info that you are even there, that you exist. You want to drop packets therefore you should have a simple basic firewall in place. Start by dropping everything, then allow only what you need. -- Doug
