Why do you need a firewall anyway?

Why do you need a firewall anyway? No daemon hanging off a port == no risk (unless you've got a serious vulnerability in the kernel). If there is a daemon listening, you need a hole in the firewall anyway and then you're just as vulnerable as the daemon.

OK ..... sometimes it's nice to block particular addresses from hammering your MTA under the mistaken impression that it might be capable of sending spam. Not because it might actually succeed; but because while it's flicking one eye up to notice that the visitor isn't welcome, it's taking a fraction of a second which could have been spent dealing with a legitimate request.

But of course, if you go installing a piece of software without reading and understanding the Source Code (or at the very least having it analysed by an expert, independent of the original authors and whom you trust) then you deserve everything you get.