RE: [m0n0wall] Feature request which would make m0n0wall evenbetter ;)

From:	"Brandon Holland" <brandon at cookssaw dot com>
To:	<Hilton at QuarkAV dot com>
Cc:	<m0n0wall at lists dot m0n0 dot ch>
Subject:	RE: [m0n0wall] Feature request which would make m0n0wall evenbetter ;)
Date:	Tue, 27 Jan 2004 09:26:18 -0600

Now that's the kind of talk I'm all about.

I second that thought! A firewall that is ONLY a firewall? No way. :)

Brandon

-----Original Message-----
From: Hilton Travis [mailto:Hilton at QuarkAV dot com] 
Sent: Tuesday, January 27, 2004 7:34 AM
To: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] Feature request which would make m0n0wall
evenbetter ;)

Hi Nik,

On Tue, 2004-01-27 at 22:43, Nik Clayton wrote:
> On Sun, Jan 25, 2004 at 07:14:12AM +1000, Hilton Travis wrote:
> > Nope, it wouldn't.  Adding extra functionality to a firewall is like
> > asking that your toaster also boil the kettle.  It is just not
designed
> > for that.
> > 
> > Adding NTP will then have people asking for ident, then eventually
> > Samba.  Believe me, I've seen this happen before.  :)
> 
> What I think a lot of these requests are expressing is a need for
> either:
> 
>   a) A mono<foo> that's not designed to be a firewall, but that is 
>      designed to provide these sorts of 'small' services for smallish
>      networks.
> 
>         NTP
> 	DNS
> 	WINS
> 	Authentication
> 
>      and so on, or

m0n0wall is a firewall.  It isn't a file server, nor is it a BSD distro
designed to run as a fish tank controller.  I cannot understand why
people want to compromise the security of a security device by running
additional software on it that is not designed, suited, or even safe to
be running on a firewall.

>   b) A plugin framework that lets people write these things
themselves,
>      safe in the knowledge that the next update isn't going to stomp
>      all over them.

Ever heard of E-Smith, Clark Connect, BSD, Linux, Windows SBS, etc? 
These are designed to be modular systems that run extremely well behind
a secure firewall, work as a modular system, and can easily provide all
the functionality that a firewall shouldn't.

Personally, I want a firewall that is a firewall.  I'll have another
internal, protected, server to run these server functions.  Security is
paramount for a security device, and for your network.

-- 

Regards,

Hilton Travis                   Email: Hilton at QuarkAV dot com
Manager, Quark AudioVisual      Phone: +61-(0)7-3343-3889
         Quark Computers        Phone: +61-(0)419-792-394
(Brisbane, Australia)            http://www.QuarkAV.com/

Open Source Projects:		http://www.ares-desktop.org/
				http://www.mamboband.org/

Non Linear Video Editing Solutions & Digital Audio Workstations
 Network Administration, SmoothWall Firewalls, NOD32 AntiVirus
  Conference and Seminar AudioVisual Production and Recording

War doesn't determine who is right. War determines who is left.

---------------------------------------------------------------------
To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch