 
 From:  Dana Spiegel <dana at sociabledesign dot com>
 To:  Hilton at QuarkAV dot com
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Nocatsplash
 Date:  Mon, 15 Mar 2004 20:55:35 -0500

To be honest, this is a stupid argument to be having. It's quite easy,
should we decide to do so, to add an on/off button for a particular 
feature (defaulting to off). Then you would have your secure firewall, 
while others would have their firewall + SOHO router.

To be clear, in a sense what is being proposed by Mitch, and has been 
proposed and supported by me and a few others in the past, can be 
argued to be "appropriate" for your definition of what m0n0wall should 
include, since enabling secure routing of packets is a function of a 
"captive portal".

To be sure, someone other than Manuel should endeavor to build this 
functionality, since he is probably (and understandably) busy with more 
pressing matters (m0n0 or otherwise).

One of the greatest things about m0n0wall, and the reason why I use it 
instead of a Linux box, is its ease of use and pleasant web interface. 
Adding to this an ability to set up a captive portal (one that could be 
enabled/disabled at the operator's will) would certainly increase the 
marketability of the project and would invite more people to 
participate in making it an even better system.

And to be honest, standing behind the excuse of "no because it will 
compromise the security of the device" is only valid when it is a true 
statement. The addition of a captive portal would in no way compromise 
your firewall if you choose not to enable it, just like the ability to 
use an 802.11b card in m0n0wall doesn't compromise your firewall if you 
choose not to install it.

To everyone's benefit, I think that if someone is interested in 
building this feature, we should support and encourage its creation, 
and leave the nay-saying to a minimum.



123 Bank Street, Suite 510, New York, NY 10014


On Mar 15, 2004, at 6:57 PM, Hilton Travis wrote:

> Hi Mitch,
>
> On Tue, 2004-03-16 at 09:33, Mitch (WebCob) wrote:
>> Just a thought...
>>
>>>> Can be a bit difficult for all those hot-spot users that will be using the
>>>> network, no? :)
>>>
>>> Quite possibly, but I'd rather not have such a feature on a firewall -
>>> its use would be limited to only those few people in that situation, and
>>> would introduce another possible point of vulnerability for all users.
>>> I still think that an Internet, web server, or other would be more
>>> appropriate than some popup on the *firewall*.
>>>
>>
>> In a time when there are more packaging managers than programmers (or so it
>> seems) Why can't we stop bickering about what a firewall is, and start
>> enabling people to do expansions they need.
>>
>> As monowall is based on FreeBSD, does it support the standard package
>> manager functions?
>>
>> If so, then instead of saying "NO" to features each of us may personally
>> find useless, and turning away those portions of a potentially larger user
>> community, why don't we encourage or support organized extension of the
>> existing platform?
>
> Because a firewall is a security device.  Plain and simple.  It is not a
> web server, nor a file server, nor an ftp server, nor does it do your
> ironing, scrub the bathroom tiles nor wash the oil stains off your
> garage floor.  The more fluff you add, the less secure the firewall
> becomes, and the less able to do its real job - protecting your network.
>
>> What is common and in yours or my best interest today MAY change tomorrow -
>> I'd rather have one big project with lots of support and extendability as
>> needed than have hundreds of splinter projects so no one knows which
>> supports what.
>
> Personally, I'd rather have a secure firewall.
>
> Manuel, on his monowall website, does have a "hacker's guide" that will
> allow you to create a m0n0wall image to suit your needs.  Sure, this may
> create splinter projects, if you and others do this - but then people
> can choose the added fluff they need.  I'd think that most people would
> choose the "no fluff" version.  If a particular piece of added fluff
> becomes popular, and fits within the ethos of m0n0wall, then I'm sure
> Manuel would consider adding it to his base images.
>
> I'd still rather have a secure firewall and use other devices to butter
> my bread.
>
> -- 
>
> Regards,
>
> Hilton Travis                   Phone: +61-(0)7-3343-3889
> Manager, Quark AudioVisual      Phone: +61-(0)419-792-394
>          Quark Computers         http://www.QuarkAV.com/
> (Brisbane, Australia)            http://www.QuarkAV.net/
>
> Open Source Projects:		http://www.ares-desktop.org/
> 				http://www.mamboband.org/
>
> Non Linear Video Editing Solutions & Digital Audio Workstations
>  Network Administration, SmoothWall Firewalls, NOD32 AntiVirus
>   Conference and Seminar AudioVisual Production and Recording
>
> War doesn't determine who is right. War determines who is left.