I agree completely on the UPnP issue. I do, however, have a use for UPnP and that is with my game
consoles. The Wii is notorious for having problems with non-UPnP firewalls. My solution to the
problem was to switch to pfSense and put all of my game consoles on an OPT interface and set UPnP to
listen on the OPT1 interface instead. My game consoles have no need to talk to my other devices so I
DMZ'd them off on their own and put UPnP on that interface. I am not sure if the inherent security
issue with UPnP will affect my firewall overall. I am hoping that if there is a vulnerability in
UPnP that only the interfaces UPnP is bound to will be affected. If that is the case, then I am
sitting pretty on the UPnP issue.
If possible, it would be interesting to see set up UPnP on the monowall, disable by default and only
allow interaction with the OPT interfaces. Maybe through some chroot acrobatics?
Regards,
Dan DeRemer
IT Specialist
AtNetPlus, Inc.
www.AtNetPlus.com
Keep Connected + Keep Secure + Keep Working
-----Original Message-----
From: m0n0wall dash digest dash help at lists dot m0n0 dot ch [mailto:m0n0wall dash digest dash help at lists dot m0n0 dot ch]
Sent: Monday, April 13, 2009 9:00 PM
To: m0n0wall at lists dot m0n0 dot ch
Subject: m0n0wall Digest 14 Apr 2009 01:00:00 -0000 Issue 1819
m0n0wall Digest 14 Apr 2009 01:00:00 -0000 Issue 1819
Topics (messages 35503 through 35511):
problems with DHCP
35503 by: Brian Lloyd
35506 by: Dennis Karlsson
Re: Beta 1.3b16 released
35504 by: Tim Nelson
35505 by: Quark IT - Hilton Travis
35507 by: Manuel Kasper
35508 by: Vincent H?mmerli - EXES s?rl
35509 by: Mathias Lustig
35510 by: Chris Buechler
35511 by: Mathias Lustig
Administrivia:
To subscribe to the digest, e-mail:
<m0n0wall dash digest dash subscribe at lists dot m0n0 dot ch>
To unsubscribe from the digest, e-mail:
<m0n0wall dash digest dash unsubscribe at lists dot m0n0 dot ch>
To post to the list, e-mail:
<m0n0wall at lists dot m0n0 dot ch>
---------------------------------------------------------------------- | 