Not really, a Windows firewall can selectively permit outgoing connections, something very impractical to do on a dedicated firewall. Although with a good antivirus and nice "downloading" skills you might not need this.
exactly thats my point in theory, if u open ports be sure they're intended for public use n some propperly configured services are runnin there. but still there might be some services u want to open to restricted ips n not to the whole world (eg nfs between some servers with public ips) or u want to protect some clients in ur network (but also with public ip adresses) - still iptables is software (although in kernel-space) and imo therefore not completely useless. also some services that shut down ur ssh-login after a number of failed login-attempts might rely on iptables. plus, when setting up windows servers (yeye, i know, but atleast i get payed for it, anybody can be bought ^^) even when configuring all services/useraccounts propperly i still dont feel pretty comfortable when i think those magic ms-ports (137-139, 443 etc) are still open n godwhoknowswhichdamn windows-service is still listening there, even if it denies all requests. (where the windows packet filter aka windows "firewall" gains my support)
well, the prob here is also that ms has the clever strategy for binding several services to the same ports. u wanna block one service for public but rely on the other, still need all services runnin for local use, nice situation ...
actually. there is nothin like a "hardware firewall". even ciscos are only some computers (admittedly with special hw) runnin ios (ye, i know not all ciscos do, but that goes 2 deep now).
People usually call it a "hardware" firewall/router if it's a separate box that doesn't look like a computer (even if it's running embedded Linux/iptables), or "software" firewall if it's software running in Windows.
Running Netfilter/iptables on a computer is what I'd call a "geek" firewall. ;)
too much stress today to realize the quotes, soz ;) well, convinced my chef yesterday do base the routers for the new installations we do on linux, rlly glad i dont have to fiddle with ios for that :> plus, when it comes to extensibility (snort etc) nothin beats a linux setup here imo.
A router is good at blocking specific ports, but can't [easily] prevent a specific program from "calling home" if it uses e.g. port 80.
(Software firewalls doesn't really add much security against malware though.)
ppl not doin this deserve what they get
People usually call it a "hardware" firewall/router if it's a separate box that doesn't look like a computer (even if it's running embedded Linux/iptables), or "software" firewall if it's software running in Windows.
Running Netfilter/iptables on a computer is what I'd call a "geek" firewall. ;)
Installing routers in the kitchen? ;)
this one
(Software firewalls doesn't really add much security against malware though.)
That was my point !