 From:  "Neil A. Hillard" <m0n0 at dana dot org dot uk>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Monowall comparison to Smoothwall Express?
 Date:  Sat, 13 May 2006 16:51:32 +0100

        please keep discussion on-list.

In message <4465FA9B dot 3040301 at pacbell dot net>, Richard T. Stofer
<rstofer at pacbell dot net> writes
>> M0n0wall gave me much more flexibility for what I wanted to do - I
>> wanted to be in control of the rules and not have to live with
>> predetermined rules built into IPCop and Smoothwall.
>I don't see how m0n0wall gives you more flexibility in creating rule
>sets than smoothwall. I have used smoothwall for over 3 years and it
>was a replacement for floppyfw. The only reason I have installed
>m0n0wall is the noise from the disk drive and fan on the PC running
>smoothwall. But, with smoothwall, you certainly have complete access to
>the iptables rule set, and automatically blocking the IPs of bad
>actors based on break-in attempts is a definite plus.
>In fact, one of the things I don't like about m0n0wall is the very
>limited ability to create rules. From the web interface it is not
>possible to specify 'quick' or 'keep state'; perhaps those are default
>options but I can't prove it. It is also not possible to specify rules
>that drop packets based on invalid flags, at least from the web
>interface (I don't see any of these options in the xml syntax
>description). Worse, the handbook in section 5.1 contains not even one
>example of a rule set for the typical home office although it does
>discuss the DMZ configuration. Again, perhaps the default configuration
>is adequate; it is certainly minimal.
>Both smoothwall and m0n0wall are easy to install with the nod going to
>m0n0wall for the amount of effort it takes to get up and running in a
>default configuration (using Linux and dd for my CF installation).
>I wanted to use a Soekris 4501 instead of a PC and m0n0wall is about as
>good as it gets on that platform. I am also investigating the Soekris
>variant of floppyfw because, again, I can get right down in the mud
>with the iptables rule set. This firewall is easy to install if you are
>proficient in Linux; I am not.
>There are dozens of variations on the firewall theme. I think m0n0wall
>is among the most visually striking and is certainly easy to install. I
>am still curious about the rule set.

Last time I used Smoothwall (and IPCop), neither had a GUI for
administering rules.  I know I could open the bonnet and tinker to my
heart's content but I didn't want to.  And that's not really the idea of
an appliance.  If I did then I'd have created my own firewall; I'm a
Linux sysadmin anyway!

Smoothwall and IPCop had this preconceived idea that Green has access to
Orange + Red and Orange has access to Red, etc.  I wanted to be able to
control exactly what went on; I don't want my servers on my DMZ having
unfettered access to the Internet.  In fact, each one of them runs
iptables to limit what they can do.

Please remember that this is a community effort and if there's something
not in the manual that should be, feel free to contribute it.


Neil A. Hillard                E-Mail:   m0n0 at dana dot org dot uk