[Lancaster] Firewall distros..
Dave Smith
lists at td-online.co.uk
Thu Nov 19 00:43:33 UTC 2009
One quick thing on this, while I remember:
Wayne Ward wrote:
> It also offers three options on install closed - open or half open, half
> open being the default which sounds ok but need to read more into! It has
> some strange plugins I've never seen in IPCop such as SIP filter and IM filter
> - which if enabled you can live watch people's conversations in a console
> LIVE! Talk about snooping!
As far as I was aware, this has pretty much always been easily
achievable on things like the MSN Messaging protocol for a while,
through the use of Wireshark / Ethereal. I would guess that encrypted
conversation options can't be 'snooped' on using the IM filter - but
I've never tried this since I don't run a proxy for myself at home,
rather just use firewall rules to try and limit myself.
As regards the Open / Half-Open / Closed (for the firewall), I think
you're right in half open being the right choice. I haven't, in all
honesty, looked much further into exactly what it opens, but it
basically allows a list of its own defaults for outgoing access from the
Green network - things like 'Internet' (Ports 80, 443 and the like),
'Mail', 'Instant Messaging', 'Gaming' and the like where they seem to be
using the industry standard ports for their rules. From that template
you can also disable or add extras / exceptions for any of the 'safe'
networks. Best example I can think is that with Half-Open selected I
could do most things straight away that I needed to, but I needed to add
exceptions for certain MMO Games I play, my Steam account (uses some
high end UDP ports for certain features), and accessing my work Jabber
server (non-standard port). So, in short, it seems Half Open is fairly
reasonable in what it actually allows, but there's probably a more
substantial list knocking about somewhere.
As you can probably tell from what I've focused on, I really haven't had
need to play with many of the more 'advanced' features it can offer such
as VPN, Proxying, DynDNS, Snort (just going to enable it now, out of
curiosity :) ), remote access (I need to play with it at command level a
bit really to see how it slots together), and QoS / Traffic-Shaping -
mainly as I have no pressing need for them right now.
Overall, I do quite like Smoothwall, but haven't had much hands-on
experience with other systems. I'm also an idealist, which makes me more
difficult to please. What I'd ideally want is something like this:
- Smoothwall's Easy-to-Use GUI and a handful of presets.
- More APT for package updates.
- An easier way to add extra elements to the system - I know why it's
harder to bolt them on from an overall product security point of view,
but a bit more freedom in doing so would be lovely. Case in point being
to get the XKai Daemon running as a service on the Smoothwall Box for
consoles to connect to. Last time I checked there's no real way of
making Smoothie do this yet.
*shrug* Looking forward to hearing how you get on!
Dave