[ previous ] [ next ] [ threads ]
 
 From:  Rene Moser <mail at renemoser dot net>
 To:  monowall <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Feature request: UPnP
 Date:  Thu, 17 Jul 2008 16:54:19 +0200
hi Michel

Michel Servaes wrote:
 > Some time ago, someone else asked this question before...
 > Back then the answer was no... UPNP is a possible security issue, 
when misused by one of your local applications... and when using 
monowall, you know what you are doing, in so - you'd have to open ports 
yourself - which I greatly appreciate.
You are absolutly right, when using upnp you have to know what you are 
doing.

 > If you really want upnp, you should consider pfsense (although I 
don't use it, I see the option in my status list - which obviously tells 
me that it is disabled - I guess there is somewhere in the GUI an option 
to enable it in pfSense).
But what about giving the same option in m0n0 as it is in pfSense. So 
you can chose (if you really like upnp and you know what you are doing, 
you can enable it)

Of course it would be great, if you could say, this host with ip 
xxx.xxx.xxx.xxx is allowed to do upnp.

But I mean, opening ports is

- not really more secure
- not comfortable (but this is normally not a point in security issues)


/rene
signature.asc (0.3 KB, application/pgp-signature)