On Tue, 2004-01-27 at 22:43, Nik Clayton wrote:
> On Sun, Jan 25, 2004 at 07:14:12AM +1000, Hilton Travis wrote:
> > Nope, it wouldn't. Adding extra functionality to a firewall is like
> > asking that your toaster also boil the kettle. It is just not designed
> > for that.
> > Adding NTP will then have people asking for ident, then eventually
> > Samba. Believe me, I've seen this happen before. :)
> What I think a lot of these requests are expressing is a need for
> a) A mono<foo> that's not designed to be a firewall, but that is
> designed to provide these sorts of 'small' services for smallish
> and so on, or
m0n0wall is a firewall. It isn't a file server, nor is it a BSD distro
designed to run as a fish tank controller. I cannot understand why
people want to compromise the security of a security device by running
additional software on it that is not designed, suited, or even safe to
be running on a firewall.
> b) A plugin framework that lets people write these things themselves,
> safe in the knowledge that the next update isn't going to stomp
> all over them.
Ever heard of E-Smith, Clark Connect, BSD, Linux, Windows SBS, etc?
These are designed to be modular systems that run extremely well behind
a secure firewall, work as a modular system, and can easily provide all
the functionality that a firewall shouldn't.
Personally, I want a firewall that is a firewall. I'll have another
internal, protected, server to run these server functions. Security is
paramount for a security device, and for your network.
Hilton Travis Email: Hilton at QuarkAV dot com
Manager, Quark AudioVisual Phone: +61-(0)7-3343-3889
Quark Computers Phone: +61-(0)419-792-394
(Brisbane, Australia) http://www.QuarkAV.com/
Open Source Projects: http://www.ares-desktop.org/
Non Linear Video Editing Solutions & Digital Audio Workstations
Network Administration, SmoothWall Firewalls, NOD32 AntiVirus
Conference and Seminar AudioVisual Production and Recording
War doesn't determine who is right. War determines who is left.