If you are an old-timer I am sure you well know my opinion on software firewalls and IDS.

Basically... they are worthless, nothing more than a false sense of security.

A firewall, to be truly effective, needs to be a separate entity. No exceptions. Similar to a moat around a castle. A firewall is meant to allow ONLY the good traffic to pass to the server.

If you are using a software firewall then the attacks/attackers are already at the door. Not to mention the fact that the IDS/firewall could be used to punish the machine it was meant to protect. If you do not have the resources to buy a good hardware firewall appliance, then look in the paper, and find someone selling any older PC for around $75-100. Add another NIC to it and install BSD or Linux. Each distro has the ability to be *just* a firewall. At install time it is one of the options.

-Q
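As an added illustration of the two-NIC "moat" box described above (this is not the poster's configuration), here is an nftables ruleset for the Linux case. It assumes eth0 faces the Internet, eth1 faces the server segment, the server is 192.0.2.10 and the admin workstation is 192.0.2.20; all of these names and addresses are constructed for the example.

```nftables
#!/usr/sbin/nft -f
# Dedicated two-NIC firewall: default-drop, only listed traffic reaches the server.
# Assumed interface names and addresses (constructed for this example):
#   eth0 = Internet side, eth1 = server side, 192.0.2.10 = server, 192.0.2.20 = admin host
flush ruleset

define WAN    = eth0
define LAN    = eth1
define SERVER = 192.0.2.10
define ADMIN  = 192.0.2.20

table inet moat {
    chain input {
        # Traffic aimed at the firewall box itself: nothing from the Internet,
        # management only from the admin host on the inside interface.
        type filter hook input priority 0; policy drop;
        iif lo accept
        ct state established,related accept
        ct state invalid drop
        iifname $LAN ip saddr $ADMIN tcp dport 22 accept
        iifname $LAN icmp type echo-request limit rate 5/second accept
    }

    chain forward {
        # The moat: only the published services cross to the server, nothing else.
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        iifname $WAN oifname $LAN ip daddr $SERVER tcp dport { 80, 443 } accept
        # The server may initiate DNS lookups and HTTP/S (e.g. package updates) outbound.
        iifname $LAN oifname $WAN ip saddr $SERVER udp dport 53 accept
        iifname $LAN oifname $WAN ip saddr $SERVER tcp dport { 80, 443 } accept
        # Record what the default policy discards so the box doubles as a sensor.
        limit rate 10/minute log prefix "moat-forward-drop: "
    }

    chain output {
        type filter hook output priority 0; policy accept;
    }
}
```

The box must also have IP forwarding enabled (net.ipv4.ip_forward=1) for the forward chain to see any traffic; load the file with `nft -f` and review `nft list ruleset` before trusting it.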