 From:  "Brandon Holland" <brandon at cookssaw dot com>
 To:  "'fisch'" <fisch at conne dash island dot de>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Feature request which would make m0n0wall even better ;)
 Date:  Sat, 24 Jan 2004 14:22:44 -0600
Nope, it doesn't fisch.  I'm behind some of the other brains (like how I
add myself into words and thoughts to haughtily lift myself up? :) )
behind the fact that unnecessary complexity reduces security.

I've read where - even with NTP as simple in concept as it is, it's a
potential security hole!

What I do (and like better) is use an inside NTP server that gets time
from another NTP and then all clients (including m0n0) use my internal
NTP server instead.

I've REALLY needed that "group" feature for m0n0's firewall rules.
Currently, I have four rules where one could be :'(

(Four different IP subsets, two subnets with same parameters)

I use an internal server for DHCP so can't help you on that and don't
use IPSEC (I use pptp since it's simple in Windows)

Brandon Holland    (Brandon at Cookssaw dot com)
Network Administrator
Cooks Saw MFG, LLC (www.CooksSaw.com)
    "Leading the bandsaw Industry
         by providing tomorrow's innovation today"
160 Ken Lane
Newton, AL 36352
   Ph: 1-800-473-4804    [ (334) 692-5074 ]
   Fax: (334) 692-3704

-----Original Message-----
From: fisch [mailto:fisch at conne dash island dot de] 
Sent: Saturday, January 24, 2004 12:43 PM
To: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] Feature request which would make m0n0wall even
better ;)

Jorgen Norrman said:
> Hello m0n0wall users/developers
> Here's another guy just asking for improvements, but this time he's
> Sweden!  :)
> Anyhow here's my requests/tips/wantings ...
> [System: General setup]
> It would be nice if m0n0wall could act as ntp server for the
> lan/pptp/ipsec clients.

it doesn't ?

> [Firewall: Rules]
> A must have is the ability to make port lists or groups containing
> Another great feature would be groups containing IP addresses.

port lists, would be very great!!!
At this time I am migrating to m0n0wall, and I never have a port range in a rule,
always a port list (http and https or smtp and ssmtp or 20 different
for CMS). With the WebGui you waste a lot of time by setting up a new
firewall. Now I'm editing the config.xml - it's faster.
I think "duplicate a rule" would help too - so you only have to change
IP or port, and not to fill out the whole site.

> [Services: DHCP]
> Nodetype for Windows machines. (Ex. 0x8 for making the machine use
> before broadcast)
> DNS server entry for those who have DNS servers on LAN for the clients
> and want m0n0wall to use ISP's DNS servers.

I thought you can edit the dhcp-config - so it is possible

> [VPN: IPsec: Tunnels]
> enable/disable different tunnels
> /jn

fisch at conne dash island dot de
