What about setting up a trusted management station and allowing only that box
access to the m0n0 on port 443?
That's kinda industry standard.
Pitbull Technologies <http://www.pittech.com/>
Protecting your Digital Assets
Quoting Jean Everson Martina <everson at inf dot ufsc dot br>:
> We have planned something like that, and when we want to release the
> webGUI to use we can have a console option to release all firewall
> rules. But we are concerned that not having the webGUI running is secure
> like this solution, but needs less resources.
> Jean Everson
> Mine GO BOOM wrote:
> >> Another thing we need to change in m0n0wall is the automatic
> >> of the webGUI. We need to disable it, as we do with console. Some of our
> >> clients think that keeping the admin web port open is a security flaw.
> >> How can we start to do this? Is there some documentation about the
> >> m0n0wall XML Schema for us to include this setting there?
> > If you plan on never changing the configuration file again, you can
> > always block access to the site on the LAN side. If you really want to
> > be able to access it again, you could always have another network card
> > in there set up to be m0n0wall only for access change.