Good Uses for a Firewall

• Reducing exposure of vulnerable services on hosts you can't patch because they are:
• Certified by the FDA for only one particular revision of software;
• Old and no longer supported by the vendor;
• Devices with code in ROM, such as a printer or terminal server;
• Embedded in a device with a service contract where the service technician routinely wipes out any custom configuration

• Protecting a new computer or service while you bring it up (even if you don't intend it to be firewalled in production).

• Preventing the spread of worms and exploitation of back-doors.

 
• As insurance against misconfigured hosts (defense in depth).

• Explicitly blocking specific troublesome traffic.

• Meeting due-diligence security requirements.

• Limiting access to network-attached printers and devices.