Originally posted here by AngelicKnight
In some cases, a hardware firewall doubled with a software firewall may seem overkill, but it wouldn't hurt, if you know what you're doing.
If you "know what you're doing", you realize installing both is stupid, and you don't do it in the first place. You don't just install security mechanisms because "it wouldn't hurt" if it "doesn't help" either.

I'm not sure where people are getting confused as to what exactly a firewall does, and why so many people are saying install both.

For example, someone said they installed a desktop firewall to take care of things that "slip through" their hardware firewall?

Firewalls are set up with a set of rules. Things don't just "slip through" them. It's not like the rules only work "some of the time". If that were the case, we'd call them Firewall Suggestions, and not Firewall Rules.

Even the largest of corporations and governmental agencies rely on border firewalls, and certainly don't expect each desktop to act as a firewall as well. Why not? Because that's not the role of a desktop computer, and for good reason!

Firewalls are intended to be a border access control device, plain and simple. Desktop software versions of them were invented during the "dial up" era as a gimp version of a firewall, because individuals didn't have control over border access at all. (The earliest versions of these were freeware programs written by users on IRC to block things like winnuke. Software companies figured hey, might as well add a bit more functionality and make a commercial product out of them). They have long since outlived their usefulness, and exist solely to satisfy a consumer demand driven by a clear lack of understanding of what a firewall is and does, and the role one plays in information security.

I stand by my earlier recommendation.