Many of us are also using m0n0wall at home where UPNP support is the norm (many apps require it to work properly.) From a security standpoint, application-specific firewalls on each client are better at preventing some worm or virus from opening up ports. If the argument against UPNP is simply that it is insecure, then how is it so much worse than the recommendations I've seen to punch any # of holes in the firewall or to put a machine in the DMZ?

Cheers,
/Mas

-----Original Message-----
From: Giobbi, Ryan [mailto:rgiobbi at AGOC dot com]
Sent: Wednesday, November 30, 2005 9:11 AM
To: m0n0wall at lists dot m0n0 dot ch
Subject: RE: [m0n0wall] Re: UPnP as a possible future option?

> Name a single *real* firewall that supports UPNP. There aren't any,
> because it's a ridiculously bad idea.
>
> I'm sufficiently tired of hearing people ask for something to make them
> horribly insecure though, so at this point if somebody wants to add
> support that's disabled by default, more power to 'em. ;)
>
> -Chris

I saw the above challenge in the list archives and found two real firewall configuration tools (both use IPTables on the backend) that support UPnP.

- Shorewall http://www.shorewall.net/UPnP.html
- Firewall Builder http://www.fwbuilder.org/archives/cat_about.html

-----Original Message-----
From: news [mailto:news at sea dot gmane dot org] On Behalf Of Braden McGrath
Sent: Wednesday, November 30, 2005 9:30 AM
To: m0n0wall at lists dot m0n0 dot ch
Subject: [m0n0wall] Re: UPnP as a possible future option?

Mas Libman <mas <at> masandwendy.com> writes:

> (Braden, you might take a look at Smoothwall.org if UPNP is that
> important.)

I'll keep it in mind, but last I was aware Smoothwall doesn't run on Soekris hardware. :( I have a net48xx and the silence and low heat output are important due to the location of the router. If I could get Smoothwall to run on it, then I'd go that route, but to my knowledge it's not a supported configuration, even if I throw a huge CF card in it.
It's kind of sad when most $50 cheap-o home routers support UPnP, but it isn't even offered as an *option* in m0n0, which is supposed to be a superior solution. I'm not suggesting that UPnP should be enabled by default or anything insane like that, but I can't imagine that it is too hard to add... Or maybe it is, I can say after checking out the current (sorry) state of UPnP development for BSD. :(

Guess I'll just have to live with it then.

---------------------------------------------------------------------
To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch