RE: [m0n0wall] Re: UPnP as a possible future option?

From:	"Jonathan De Graeve" <Jonathan dot De dot Graeve at imelda dot be>
To:	"Peter Allgeyer" <allgeyer at web dot de>, "Giobbi, Ryan" <rgiobbi at AGOC dot com>
Cc:	<m0n0wall at lists dot m0n0 dot ch>, "Chris Buechler" <cbuechler at gmail dot com>
Subject:	RE: [m0n0wall] Re: UPnP as a possible future option?
Date:	Mon, 5 Dec 2005 10:18:38 +0100

I last year builded a linux firewall for a client which wanted to have
UPNP for there LAN to the internet connection.

I told him the danger of this but he still wanted to have this (and he
payed for it) so I did it.

After running that box for a half year now it turns out to be very
unstable with the free UPNP daemon running (the UPNP daemon just crashes
at certain points leaving the ports open).

I also patched the daemon to also cleanup certain ports and added some
security checks but even then the rest of the daemons are unstable...

I don't think it's a good idea to have unstable software on a firewall
that tries to be stable...

J. 

-- 
Jonathan De Graeve
Network/System Administrator
Imelda vzw
Informatica Dienst
015/50.52.98
jonathan dot de dot graeve at imelda dot be

---------
Always read the manual for the correct way to do things because the
number of incorrect ways to do things is almost infinite
---------

-----Oorspronkelijk bericht-----
Van: Peter Allgeyer [mailto:allgeyer at web dot de] 
Verzonden: donderdag 1 december 2005 12:10
Aan: Giobbi, Ryan
CC: m0n0wall at lists dot m0n0 dot ch; Chris Buechler
Onderwerp: RE: [m0n0wall] Re: UPnP as a possible future option?

Am Mittwoch, den 30.11.2005, 20:54 -0500 schrieb Giobbi, Ryan:
> In all seriousness, let me explain something.  Open source works when
> people contribute what they want to see in a project.  It *DOES NOT*
> work when people do nothing but bitch, moan and complain about what
> they want and don't do anything about it.  Want uPNP?  Make an image
> with support that works, and submit the code to Manuel and/or the dev
> list. Obviously from past threads, those of us that contribute
> couldn't give a shit less if uPNP is supported or not.  The other
> alternative is to offer up $X for whoever can implement uPNP.  If X is
> sufficiently large, someone will do it.  This isn't a whining
> competition with the winner getting whatever feature they want.
> 
> If it doesn't make it into the base system, I would gladly host the
> uPNP-enabled images on my site, and link to them from the
> documentation, so the effort wouldn't be for naught.
> 
> sorry, tired as hell of this and similar crap that people want to moan
> about but do nothing to resolve.

Thanks, Chris (or Ryan?). Exactly what I'm thinking of it.

BR,
  PIT


------------------------------------------------------------------------
---
 copyleft(c) by |           People disagree with me. I just ignore them.
 Peter Allgeyer |   _-_     -- Linus Torvalds, regarding the use of C++
                | 0(o_o)0   for the Linux kernel
---------------oOO--(_)--OOo--------------------------------------------
---



---------------------------------------------------------------------
To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch