Am 27.04.2025 um 10:52:53 Uhr schrieb David King: > I would disagree. Operating systems have flaws that hackers can > exploit. If a computer is connected directly to the internet then > hackers can exploit those flaws, regardless of what you may or may > not having running on the machine. Defense in depth is a security > best practice. If you want decent security, then a router that > provides a private intranet with NAT and firewall software on the > workstation are only prudent.
Such vulnerabilities can also exist on the firewall itself. I do run additional SPI firewalls, but mostly for the case that certain services might run accidentally on some systems (e.g. not controlled by me or not configurable). For IPv6, SPI is the only reasonable way to handle that, for private IPv4 networks, NAT does the same indirectly. -- Gruß Marco Send unsolicited bulk mail to 1745743973mu...@cartoonies.org -- _______________________________________________ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue