iptables vs. hardware firewall

unix firewall iptables

Other than (possible) performance issues, one thing to keep in mind is that if your firewall is not on the same server as the one it's protecting, if somehow someone does get access to the webserver, they still can't muck with the firewall, meaning they couldn't change your outgoing rules, etc.

A separate firewall could also be set up to not have any way to access it via the network, which again, increases its defenses from being tampered with.

Keep in mind, this is also true of a software firewall that's a separate box, it doesn't have to be a hardware one.

Related

KubeADM cluster: how to configure DNS properly
What is the difference between ip link "add link" vs "add dev" commands
Switching from self-signed certificates to commerical TLS/SSL cert: will it work the way I expect?
windows 10 port forwarding 445
Configuring IIS to use multiple application pools for a single website
Apache 2.4 ignoring basic authentication
Link a GPO to an OU or security group, Who will win?
"535 5.7.8 Error: authentication failed: authentication failure" with postfix and dovecot sasl authentication
Apache error "could not bind to adress"
What are the numbers for in these LDAP commands ? ldap(3), slapd(8), slapd.conf(5), slurpd(8)
OpenSCAP ssh with keyfile
Spamhaus PBL stops email even though SMTP-AUTH is enabled