Disclaimer: Some of the content described below may not be entirely accurate, but I hope it helps you understand iptables. If you find an error, please let me know.





  Misconceptions - a firewall cannot guarantee that your network is absolutely secure

  A bastion host - In an ideal world, this would be true. However, a firewall is only as secure as the work you put into securing it.

  A replacement for host security - Every service the firewall allows through is a potential risk.


  Local - With physical access to the machine there is no security to speak of. Obviously, a firewall can do nothing about this.

  Local privilege escalation - The trojan horse attack. The attacker already has a local account on your box (inside the gates) and obtains root by some means (a vulnerability or a misconfiguration). A firewall cannot protect against this type of attack.

  Remote - Your host is listening on a port that the attacker is able to connect to remotely over a network and exploit a vulnerability somehow. This is the only type of attack a firewall can (hopefully) protect you against. There is another important point here that most firewall howtos neglect. In order for someone to exploit your box remotely, it has to be listening on some ports (i.e. providing a way for an attacker to connect). Therefore, if your host isn't listening on any ports, you are safe from remote exploits (unless the attacker manages to attack the network stack itself).
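  The point above reduces to a set intersection: the remotely reachable attack surface is the set of sockets the host is listening on, intersected with the set of ports the INPUT chain lets through. The following script is an added example, not part of the original page; it parses constructed sample output of `ss -lntu` and `iptables -S INPUT` (not captured from a real host) and reports that intersection, treating an ACCEPT default policy as the worst case where every non-loopback listener is exposed.

```python
import re

# Constructed sample of `ss -lntu` output (assumption: not from a real host).
SS_OUTPUT = """Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22           0.0.0.0:*
tcp   LISTEN 0      511    127.0.0.1:631        0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:8080         0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:5353         0.0.0.0:*
"""

# Constructed sample of `iptables -S INPUT` for a default-drop INPUT chain.
IPTABLES_OUTPUT = """-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
"""

def listening_sockets(ss_text):
    """Return {(proto, port)} for listeners bound to a non-loopback address."""
    found = set()
    for line in ss_text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 5:
            continue
        proto, local = fields[0], fields[4]
        addr, port = local.rsplit(":", 1)
        if addr.startswith("127.") or addr == "[::1]":
            continue                                # loopback only: not remotely reachable
        found.add((proto, int(port)))
    return found

def allowed_ports(iptables_text):
    """Return (policy, {(proto, port)}) that INPUT rules ACCEPT by --dport."""
    policy = "ACCEPT"                               # iptables' built-in default
    allowed = set()
    for line in iptables_text.splitlines():
        pol = re.match(r"-P INPUT (\w+)", line)
        if pol:
            policy = pol.group(1)
        rule = re.search(r"-p (tcp|udp) .*--dport (\d+) -j ACCEPT", line)
        if rule:
            allowed.add((rule.group(1), int(rule.group(2))))
    return policy, allowed

def exposed_services(ss_text, iptables_text):
    """Listeners the firewall lets through: the real remote attack surface."""
    listeners = listening_sockets(ss_text)
    policy, allowed = allowed_ports(iptables_text)
    if policy == "ACCEPT":                          # default-accept: nothing is filtered
        return sorted(listeners)
    return sorted(listeners & allowed)
```

With the sample data the mDNS listener on udp/5353 is not exposed because the chain drops it, but changing the policy line to `-P INPUT ACCEPT` puts it back on the exposed list.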


