@interpipes@thx.gg @neil@mastodon.neilzone.co.uk agree but fundamentally they don't separate stuff facing the internet from other things. They also forget that PCs on the 'inside' are the attack vector, so trust everything on the LAN. Also how many firewalls ever have egress rules. So many things, and you are right it comes down to the cost of knowing the right thing.