[ previous ] [ next ] [ threads ]
 From:  "Jonathan De Graeve" <Jonathan dot De dot Graeve at imelda dot be>
 To:  "Peter Allgeyer" <allgeyer at web dot de>, "Giobbi, Ryan" <rgiobbi at AGOC dot com>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>, "Chris Buechler" <cbuechler at gmail dot com>
 Subject:  RE: [m0n0wall] Re: UPnP as a possible future option?
 Date:  Mon, 5 Dec 2005 10:18:38 +0100
I last year builded a linux firewall for a client which wanted to have
UPNP for there LAN to the internet connection.

I told him the danger of this but he still wanted to have this (and he
payed for it) so I did it.

After running that box for a half year now it turns out to be very
unstable with the free UPNP daemon running (the UPNP daemon just crashes
at certain points leaving the ports open).

I also patched the daemon to also cleanup certain ports and added some
security checks but even then the rest of the daemons are unstable...

I don't think it's a good idea to have unstable software on a firewall
that tries to be stable...


Jonathan De Graeve
Network/System Administrator
Imelda vzw
Informatica Dienst
jonathan dot de dot graeve at imelda dot be

Always read the manual for the correct way to do things because the
number of incorrect ways to do things is almost infinite

-----Oorspronkelijk bericht-----
Van: Peter Allgeyer [mailto:allgeyer at web dot de] 
Verzonden: donderdag 1 december 2005 12:10
Aan: Giobbi, Ryan
CC: m0n0wall at lists dot m0n0 dot ch; Chris Buechler
Onderwerp: RE: [m0n0wall] Re: UPnP as a possible future option?

Am Mittwoch, den 30.11.2005, 20:54 -0500 schrieb Giobbi, Ryan:
> In all seriousness, let me explain something.  Open source works when
> people contribute what they want to see in a project.  It *DOES NOT*
> work when people do nothing but bitch, moan and complain about what
> they want and don't do anything about it.  Want uPNP?  Make an image
> with support that works, and submit the code to Manuel and/or the dev
> list. Obviously from past threads, those of us that contribute
> couldn't give a shit less if uPNP is supported or not.  The other
> alternative is to offer up $X for whoever can implement uPNP.  If X is
> sufficiently large, someone will do it.  This isn't a whining
> competition with the winner getting whatever feature they want.
> If it doesn't make it into the base system, I would gladly host the
> uPNP-enabled images on my site, and link to them from the
> documentation, so the effort wouldn't be for naught.
> sorry, tired as hell of this and similar crap that people want to moan
> about but do nothing to resolve.

Thanks, Chris (or Ryan?). Exactly what I'm thinking of it.


 copyleft(c) by |           People disagree with me. I just ignore them.
 Peter Allgeyer |   _-_     -- Linus Torvalds, regarding the use of C++
                | 0(o_o)0   for the Linux kernel

To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch