Sorry if I missed something, but why is this better than the software
firewall on OS X?
Because with NAT on a separate box, incoming traffic doesn't even reach
the (sensible) computer.
If you want to run a service on the LAN reachable from the outside, you
explicitly have to tell the NAT router to which local host those
connection requests should go. So, if you don't make such an entry and
the router can't handle such a request itself, all connection
attempts will be rejected just because the router doesn't know where to
forward the packets to. Hard to imagine how a hacker would work around
nonexistent information.
Hard to imagine how to hack a router since these boxes can't run any
software (in the common sense) at all.
With ipfw, the traffic already reaches your computer, so basic info
like IP address, open ports etc. can easily be found out. A hole in
ipfw or the network stack would open the box for attacks.
On Sep 14, 2004, at 6:24 PM, Donald Jones wrote:
This has been beaten to death, but I certainly hope everyone got the
message: if you have a broadband connection, install a NAT router or
Firewall between you and the world. For most home users, the answer
will probably be a NAT router because of cost (<$100). Entry level
firewalls start at $500-1000 and go up rapidly from there.
My $200 router supports NAT and traffic filtering similar to what ipfw
does. I'm quite sure this makes ipfw on the LAN hosts obsolete.
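
The forwarding decision described in this message, as an added example that is not part of the original thread: a constructed model of a router's NAT table, in which an inbound packet reaches a LAN host only when it matches a static forward entry or a session a LAN host opened itself. The class, addresses and ports are assumptions for illustration; real routers differ in how strictly they match return traffic.

```python
from dataclasses import dataclass, field

@dataclass
class NatRouter:
    """Minimal NAT model (constructed for illustration, not a real router)."""
    public_ip: str
    # Static port forwards: (proto, public_port) -> (lan_ip, lan_port)
    forwards: dict = field(default_factory=dict)
    # Dynamic sessions: (proto, public_port) -> (lan_ip, lan_port, remote)
    sessions: dict = field(default_factory=dict)
    next_port: int = 40000

    def add_forward(self, proto, public_port, lan_ip, lan_port):
        """The explicit entry an admin makes to expose a LAN service."""
        self.forwards[(proto, public_port)] = (lan_ip, lan_port)

    def outbound(self, proto, lan_ip, lan_port, remote):
        """A LAN host opens a connection; the router allocates a public port."""
        port = self.next_port
        self.next_port += 1
        self.sessions[(proto, port)] = (lan_ip, lan_port, remote)
        return port

    def inbound(self, proto, public_port, remote):
        """Return the LAN destination for an outside packet, or None to drop it."""
        key = (proto, public_port)
        session = self.sessions.get(key)
        if session and session[2] == remote:
            return session[:2]          # reply to a LAN-initiated session
        if key in self.forwards:
            return self.forwards[key]   # explicitly forwarded service
        return None                     # no entry: nowhere to send it

def demo():
    """Run four constructed inbound packets through the table."""
    r = NatRouter("203.0.113.10")
    results = {}
    # Unsolicited connection attempt with no forward entry.
    results["unsolicited_ssh"] = r.inbound("tcp", 22, ("198.51.100.7", 51515))
    # Same outside host, but port 80 has an explicit forward.
    r.add_forward("tcp", 80, "192.168.1.20", 8080)
    results["forwarded_http"] = r.inbound("tcp", 80, ("198.51.100.7", 51516))
    # Reply traffic for a session a LAN host opened.
    port = r.outbound("tcp", "192.168.1.30", 50123, ("192.0.2.5", 443))
    results["reply"] = r.inbound("tcp", port, ("192.0.2.5", 443))
    # A different outside host hitting the same mapped port.
    results["other_peer"] = r.inbound("tcp", port, ("198.51.100.7", 443))
    return results
```

The forwarded port is the part to audit: once an entry exists, traffic to it reaches the LAN host exactly as it would without NAT, so that host still needs its own filtering and patching.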