Nope, it doesn't, fisch. I'm behind some of the other brains (like how I add myself into words and thoughts to haughtily lift myself up? :) ) behind the fact that unnecessary complexity reduces security. I've read where - even with NTP as simple in concept as it is, it's a potential security hole! What I do (and like better) is use an inside NTP server that gets time from another NTP and then all clients (including m0n0) use my internal NTP server instead.

I've REALLY needed that "group" feature for m0n0's firewall rules. Currently, I have four rules where one could be :'( (Four different IP subsets, two subnets with same parameters)

I use an internal server for DHCP so can't help you on that and don't use IPSEC (I use pptp since it's simple in Windows)

Brandon Holland (Brandon at Cookssaw dot com)
Network Administrator
Cooks Saw MFG, LLC (www.CooksSaw.com)
"Leading the bandsaw Industry by providing tomorrow's innovation today"
160 Ken Lane
Newton, AL 36352
Ph: 1-800-473-4804 [ (334) 692-5074 ]
Fax: (334) 692-3704

-----Original Message-----
From: fisch [mailto:fisch at conne dash island dot de]
Sent: Saturday, January 24, 2004 12:43 PM
To: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] Feature request which would make m0n0wall even better ;)

Jorgen Norrman said:
> Hello m0n0wall users/developers
>
> Here's another guy just asking for improvements, but this time he's from
> Sweden! :)
> Anyhow here's my requests/tips/wantings ...
>
> [System: General setup]
> It would be nice if m0n0wall could act as ntp server for the
> lan/pptp/ipsec clients.

it doesn't ?

> [Firewall: Rules]
> A must have is the ability to make port lists or groups containing ports.
> Another great feature would be groups containing ip-addresses.

Port lists would be very great!!! At this time I migrate to m0n0wall, and I never have a port range in a rule but always a port list (http and https or smtp and ssmtp or 20 different ports for CMS).

With the WebGui you waste a lot of time by setting up a new firewall. Now I'm editing the config.xml - it's faster. I think "duplicate a rule" would help too - so you only have to change the IP or port, and not to fill out the whole site.

> [Services: DHCP]
> Nodetype for Windows machines. (Ex. 0x8 for making the machine use wins
> before broadcast)
> DNS server entry for those who have DNS servers on LAN for the clients
> and want m0n0wall to use ISP's DNS servers.

I thought you can edit the dhcp-config - so it is possible

> [VPN: IPsec: Tunnels]
> enable/disable different tunnels
>
> /jn

bye
fisch

--
fisch at conne dash island dot de
http://kampagne.conne-island.de