mc2718 good secuirty is like a onion. You have layers. Firewall is only one layer. DAC permissions are another. MAC permissions are another. Physical controls are another. At the firewall layer I use single packet port knocking to open the ssh. So it is hidden most of the time. Also the least number of not security layers the better. Ie wine is a non secuirty layer. Always remembering any one layer could fail one day. Each layer reduces the risk or complete failure. Secuirty what got my fear of you mc2718. People from a windows background have the problem of putting too much faith in anti-viruses and firewalls. Where good secuirty from the Unix/Linux world teaches you not to depend on them.
