brad dot gibson at naponline dot net wrote:
> However, a co-worker replied to my suggestion of m0n0wall after
> looking at m0n0wall's website. He stated that "[he'd] be leery of
> firewall software who's entire security page is this:"
> I have to admit, that does sound a little scary. I personally think
Yes, indeed it does. That statement is as old as the first m0n0wall
version, and much has changed for the better in the meantime. Also, I
think I'm being pretty perfectionistic, and when I look at things like
for example the default rule on ZyWALLs that is supposed to pass IKE
traffic to make IPsec work, I'm actually very satisfied with what we
have now. Nevertheless, you can turn any firewall into pseudo-security
by messing up the ruleset, and some people unfortunately don't realize
that having a web interface doesn't free them from understanding
But I'll revise that statement to sound a little bit more self-confident
very soon. :) FWIW, I haven't received a single report of insecure
ipfilter rulesets generated by m0n0wall yet...
> If everyone could reply and answer the following questions, I'd
> appreciate it!
Some of these overlap with questions in the m0n0wall survey, but some
real, personal testimonials would still be interesting to hear. :)
BTW, 357 surveys have been submitted so far - thanks everybody! I'll
post the results as soon as the survey submission rate drops to less
than about 10 per day.