But by selecting https in the config, m0n0 doesn't listen to non-https,
so there is already no chance the admin uses unencrypted access.
Re redirecting: if an admin needs to be hand-held to this level, I don't
think it's appropriate for said admin to be in charge of a firewall! The
port and protocol used should be in the institution's
documentation/disaster recovery anyway.
My 2p.
R.
>The idea *is* to lock it down. By redirecting explicitly
>connections on port 80 to port 443, you make it so there
>is no chance that the administrator will use the
>unencrypted channel. Call it another layer of security.