[Gllug] Opinions on Smoothwall and other firewalls

[gllug at uncertainty.org.uk]

On Mon, Oct 08, 2001 at 01:31:37PM +0100, Jarvis, Richie wrote:
> I tried it and wasn't impressed.  It is very good for novice users, but as
> soon as you wish to do something a little more complicated it is hard work.
> I now use my own homegrown firewall based upon Redhat 7.1, and love it do
> death ;)
> 
> Cheers,
> 
> Richie Jarvis

That's pretty much my experience too..

also the smoothwall tema seem to believe that security through obsurity
is a Good Thing (in addition to proper security) 

what this means is that things like ssh and even the web based interface
run on non-standard ports .. and to make it worse this feature is not
well documented (though the recently had to add a note on the front page
of thier website as so many people couldn't find the web interface)

Personally I prefer standards to be followed so that I don't have to
learn where everything is and then tell other people I work with.

I also don't like the morallistic rant claiming the smoothwall team have
worked hard and spent loads of money on the project - so anyone who
downloads a copy should donate money to the authors favorite charity!

other annoyances are

the system uses a 2.2 kernel and so has ipfilter not iptables 
 - no stateful filtering (I haven't looked at the rules it uses)

it is designed to only accept patches from the official smoothwall site,
this proved troublesome when a biug in the Beta version of 0.9.9 meant I
had broken DNS ... and I imagine could lead to other problems (though
getting around it wasn't too hard)

finally I deeply mistrust any 'open source' system that puts its help
documents in acrobat format !

-- 

Sean  
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 274 bytes
Desc: not available
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20011008/74cdafb7/attachment.pgp>