Am 27.04.2025 um 10:52:53 Uhr schrieb David King:

> I would disagree.  Operating systems have flaws that hackers can 
> exploit.  If a computer is connected directly to the internet then 
> hackers can exploit those flaws, regardless of what you may or may
> not having running on the machine.  Defense in depth is a security
> best practice.  If you want decent security, then a router that
> provides a private intranet with NAT and firewall software on the
> workstation are only prudent.

Such vulnerabilities can also exist on the firewall itself.

I do run additional SPI firewalls, but mostly for the case that certain
services might run accidentally on some systems (e.g. not controlled by
me or not configurable). For IPv6, SPI is the only reasonable way to
handle that, for private IPv4 networks, NAT does the same indirectly.

-- 
Gruß
Marco

Send unsolicited bulk mail to 1745743973mu...@cartoonies.org
-- 
_______________________________________________
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Reply via email to