12-09-2006
Tom Forsmo
 
security setup without firewall?

hi

I have been hearing from different sources that a truly good security
setup does not require a firewall. Of course that depends on the
situation for the system. But if one considers a single home computer,
is it plausible to have basic security without a firewall?

The reason I am asking is that I am looking for the simplest way to
centrally control which ports are open and for which addresses. The
problem is that most firewall systems on Linux are pretty complex, e.g.
shorewall, and that makes it difficult to make it work properly.

I was initially thinking that setting hosts.deny/allow would cover a lot
of ground. When I tested it, by setting deny: ALL:ALL, I found that
SSH was affected but http was not. I also found that nmap finds all the
ports open. This suggests to me that if I don't use a firewall I have to
separately configure all the different services to make a basic security
config.

So the question is, is there a single file such as allow\deny that can
be used to control visibility of ports and access in an easy way, or is
a firewall the only real option for this (which means that I would have
to throw out shorewall and just use iptables directly)?

tom