 From:  Manuel Kasper <mk at neon1 dot net>
 To:  brad dot gibson at naponline dot net
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Quick Question and Poll
 Date:  Tue, 20 Jan 2004 16:10:33 +0100
brad dot gibson at naponline dot net wrote:

> However, a co-worker replied to my suggestion of m0n0wall after
> looking at m0n0wall's website. He stated that "[he'd] be leery of
> firewall software whose entire security page is this:"
> ...
> I have to admit, that does sound a little scary. I personally think

Yes, indeed it does. That statement is as old as the first m0n0wall 
version, and much has changed for the better in the meantime. Also, I 
think I'm being pretty perfectionistic, and when I look at things like 
for example the default rule on ZyWALLs that is supposed to pass IKE 
traffic to make IPsec work, I'm actually very satisfied with what we 
have now. Nevertheless, you can turn any firewall into pseudo-security 
by messing up the ruleset, and some people unfortunately don't realize 
that having a web interface doesn't free them from understanding 

But I'll revise that statement to sound a little bit more self-confident 
very soon. :) FWIW, I haven't received a single report of insecure 
ipfilter rulesets generated by m0n0wall yet...

> If everyone could reply and answer the following questions, I'd
> appreciate it!

Some of these overlap with questions in the m0n0wall survey, but some 
real, personal testimonials would still be interesting to hear. :)

BTW, 357 surveys have been submitted so far - thanks everybody! I'll 
post the results as soon as the survey submission rate drops to less 
than about 10 per day.