[Gllug] Opinions on Smoothwall and other firewalls
gllug at uncertainty.org.uk
gllug at uncertainty.org.uk
Mon Oct 8 15:15:02 UTC 2001
On Mon, Oct 08, 2001 at 01:31:37PM +0100, Jarvis, Richie wrote:
> I tried it and wasn't impressed. It is very good for novice users, but as
> soon as you wish to do something a little more complicated it is hard work.
> I now use my own homegrown firewall based upon Redhat 7.1, and love it do
> death ;)
>
> Cheers,
>
> Richie Jarvis
That's pretty much my experience too..
also the smoothwall tema seem to believe that security through obsurity
is a Good Thing (in addition to proper security)
what this means is that things like ssh and even the web based interface
run on non-standard ports .. and to make it worse this feature is not
well documented (though the recently had to add a note on the front page
of thier website as so many people couldn't find the web interface)
Personally I prefer standards to be followed so that I don't have to
learn where everything is and then tell other people I work with.
I also don't like the morallistic rant claiming the smoothwall team have
worked hard and spent loads of money on the project - so anyone who
downloads a copy should donate money to the authors favorite charity!
other annoyances are
the system uses a 2.2 kernel and so has ipfilter not iptables
- no stateful filtering (I haven't looked at the rules it uses)
it is designed to only accept patches from the official smoothwall site,
this proved troublesome when a biug in the Beta version of 0.9.9 meant I
had broken DNS ... and I imagine could lead to other problems (though
getting around it wasn't too hard)
finally I deeply mistrust any 'open source' system that puts its help
documents in acrobat format !
--
Sean
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 274 bytes
Desc: not available
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20011008/74cdafb7/attachment.pgp>
More information about the GLLUG
mailing list