[H-GEN] Smoothwall dialling problem

David Jericho david.jericho at bytecomm.com.au
Tue Apr 15 20:04:24 EDT 2003


[ Humbug *General* list - semi-serious discussions about Humbug and     ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]

On Wed, Apr 16, 2003 at 08:18:59AM +1000, Martin wrote:
> Robert!
> it sounds like you've never used Smoothwall :)

On Tue, Apr 15, 2003 at 05:45:00PM +1000, Robert Stanford wrote:

> 2 words,   SMOOTHWALL SUCKS
> Its much much easier and more reliable to install your favourite
> distribution and use it for the same purpose.

Well, to throw some fuel on the fire, firewalls with moving parts
suck. 

I've used Smoothwall before, and found it inflexible to all but the
most common configurations. There are some common themes I see all the
time with many *nix based firewall solutions, and I disagree with a lot 
of them.

1) HTTP/FTP proxy software should _not_ run on the firewall.
2) A firewall is not a general purpose shell machine.
3) Just because it's "secure" doesn't mean it should be
   unmaintainable. I've seen people delete system groups and users off
   a firewall in an attempt to harden it. Makes it a pain when you
   want to upgrade to the new secure version of xyz.
4) Stateful connections aren't the be all and end all of firewalling
   rules.
5) Yes, you do have to keep your machines inside the network secure
   and up to date too.
6) Moving parts in firewalls suck. They'll always fail when you need
   them to work the most.
7) Qmail is not the solution to your "secure" MTA problems.
    Corollary of 7): Qmail is not the solution to your MTA problems.
8) Yes, that firewall needs to be backed up as well.

-- 
David Jericho


--
Scanned and found clear of viruses by EntireScan.  http://www.entirescan.com/

--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'.  See http://www.humbug.org.au/



More information about the General mailing list