And if you have 250 hosts, you want to use a firewall between groups of them so the network is compartmentalized: so if one host is hacked it will not be able to take down all the other hosts.
When a server is compromised then iptables on it won't help anymore, not even to detect that the server is compromised! Only a firewall running on a separate piece of hardware helps.
A system should never be designed with the assumption that it will never be hacked: that is like planning for a life where you never get sick.