[H-GEN] Smoothwall dialling problem

Jason Parker-Burlingham jasonp at uq.net.au
Wed Apr 16 00:19:48 EDT 2003


[ Humbug *General* list - semi-serious discussions about Humbug and     ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]

Hilton Travis <Hilton at QuarkAV.com> writes:

> On Wed, 2003-04-16 at 10:29, Jason Parker-Burlingham wrote:
> >  Hilton Travis <Hilton at QuarkAV.com> writes:
> > > On Wed, 2003-04-16 at 07:51, Jason Parker-Burlingham wrote:
> > > > Would someone please tell me why a firewall for a home network
> > > > would need a writable filesystem at all?
> > > Logs,
> >  Really?  I'd consider sending syslog messages to another host on
> > the inside of the network.
> Aahhh - of course - most home users have a spare PC set up as a
> logging server...

Sarcasm aside, spare PCs are a dime a dozen.  A 486 can be had for a
song if it doesn't need to come with a monitor, mouse, keyboard, or
disk drive.  All you really need is a NIC and a floppy disk (or a
CD-ROM drive if you like).

> > > web cache...
> >  A firewall running squid?
> ... just like they have another spare PC to act as their web proxy.

Well it just doesn't seem wise to go to all the trouble of setting up
a dedicated box to act as a firewall and to then undercut that by
running services on the host which can be abused if they're not locked
down properly or act as an avenue to r00t the box.

> If you HAVE spare machines floating around, I totally agree that the
> firewall should ONLY be the firewall, and all other tasks should be
> run on another machine(s) as appropriate.
> 
> But the vast majority of users do not fit in this category.

Let's examine this.  A cache is of limited utility if there is only
one user (their browser cache will take care of most eventualities).
So this means there's more than one user.  In most environments each
user will have a computer.

This sounds like a nice amount of extra income, CPU and memory to
me---either students sharing a house (I used to live in such a
household and cobbling a spare machine out of parts wasn't hard) or a
family (and hence one or two adult-sized incomes).

Of course this is all speculation unless one has some actual figures
to hand.

In any case they may well be better off simply buying a hardware
router from Linksys or something---I got to play with a wireless model
a few weeks ago and it works wonderfully.

In the end, this all sounds like an ill-considered set of decisions;
the "must run a journalling filesystem, even on a firewall" mantra
completely convinces me this is the case.
-- 
``I didn't program you for sarcasm.''

--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'.  See http://www.humbug.org.au/


