 From:  Chet Harvey <chet at pittech dot com>
 To:  Jean Everson Martina <everson at inf dot ufsc dot br>
 Cc:  Mine GO BOOM <minegoboom at gmail dot com>, m0n0wall dash dev at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall-dev] Patches on M0n0wall
 Date:  Mon, 13 Sep 2004 22:46:46 -0400
What about setting up a trusted management station and allowing only that box
access to the m0n0 on port 443?

That's kinda industry standard.

Chet Harvey
Pitbull Technologies <http://www.pittech.com/> 
Protecting your Digital Assets

Quoting Jean Everson Martina <everson at inf dot ufsc dot br>:

> Hi,
> 	We have planned something like that, and when we want to release the 
> webGUI to use we can have a console option to release all firewall 
> rules. But we are concerned that not having the webGUI running is secure 
> like this solution, but needs less resources.
> Thanks,
> Jean Everson
> Mine GO BOOM wrote:
> >>        Another thing we need to change in m0n0wall is the automatic
> >>starting of the webGUI. We need to disable it, as we do with console. Some of our
> >>clients think that keeping the admin web port open is a security flaw.
> >>How can we start to do this? Is there some documentation about the
> >>m0n0wall XML Schema for us to include this setting there?
> > 
> > 
> > If you plan on never changing the configuration file again, you can
> > always block access to the site on the LAN side. If you really want to
> > be able to access it again, you could always have another network card
> > in there setup to be m0n0wall only for access change.