Router and software firewall

Im wondering what sort of extra security is gained from a software firewall when used behind a router on a one home computer?.I know theres the outbound application factor ,.which i personally think is important as i like to see whats connecting out.However out of habit (before i had the router) i always like to for example set my newsreader just for port 119 and used software firewalls that could do this like kerio or outpost.Bur is there really any benefit in setting it to one port rather than just allowing evrything as in the case of ZA free?.Also is there any point in setting your isp dns in the software firewall when its set in the router?.As i say ,out of habit i always try to set the software firewall up as if i have no router , and i suspect lots of people do..but apart from ther application filtering ,is there any real need for port filtering etc in a software firewall,if one has a router?
ellison

 

I suspect it just depends on how paranoid you are. If you feel the need, sure, you can set specific ports on outbound apps. Many do. Just a matter I guess of how "tight" you want things to be. I suppose the reasoning is that a rogue app may try to connect out on non-standard ports somehow. There is also the added advantage of being able to block access to certain ports, for example, you might want to allow your email client to access 25/110 for mail, but at the same time block port 80 access. Just depends on what you want.. If you don't care about all that, then the simple on/off switch approach of ZA is fine..

 

Hardware firewall does indeed block outgoing. I can prove it. Depends on your router-gateway

 

I can see the logic in this , but is it still a case of feeling safer rather than actually being safer?For example rogue apps , is something that i would expect the application control/monitoring to alert me too ,regardless of what port it was trying to use.Also arnt most email progs usually, by default set to 25/110 remote port anyway?.I guess the router (if configured properly) will take care of all the incoming traffic ,and presumably application filtering will allow you to make an informed desicion in what to allow for outgoing so is the configuring of port filtering any further benefit over ZAs (and others) on/off approach?.Im personally in two minds about it, and havent really seen any conclusive evidence to back up one preference over the other.
ellison

 

I guess some do.Mines very basic seems to stealth everything but does reply to ping , which i cant do anthing about,but then again does it really matter?Its been like that for 2 years without any problems anyway.What would be a good choice of hardware firewall in your opinion?.I have thought of getting another one with more bells and whistles ,but then the tight side of me always asks why? and would the benefit outweigh the cost?.
ellison