 From:  Adam Nellemann <adam at nellemann dot nu>
 To:  "m0n0wall at lists dot m0n0 dot ch" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Blocking m0n0wall?
 Date:  Tue, 18 May 2004 20:45:46 +0200
Hi,

Have I got the following right:

1: The firewall rules only block packets coming IN on the specified 
interface.

2: Packets originating from m0n0wall itself don't come IN on any 
interface.

1+2=3: Packets sent by the m0n0wall box itself can't be blocked by 
m0n0wall.

(The above assumes that no command line stuff is used, only what can 
be done through the webGUI.)

The question arose because a (rather paranoid) friend of mine asked me 
if it would be possible to prevent m0n0wall from accessing the 
firmware server. He was apparently concerned with the "Big Brother is 
watching You!" implications, even though I tried to argue that it 
would probably be more likely that Microsoft Update (which he is 
happily using) had such things going on, than our dear OpenSource 
oriented Manuel. But of course he then argued that MS Update is 
user-initiated, unlike the firmware check in m0n0wall.

His question, however, made me think: Seeing as so many m0n0wall users 
are always concerned about security and privacy, especially whenever 
some new feature is suggested or implemented, I find it quite strange 
that nobody has so far commented on the addition of this little 
"feature", and the fact that it doesn't appear to be possible to 
disable it?

Personally I'm quite happy with this particular feature, even if I 
have a feeling that it must be contrary to most definitions of what a 
firewall should and shouldn't do. In fact, I'd even like this feature 
to include an option (button) to download and install the new image, 
assuming one is available, directly from the server.

But this was not meant to be a feature request, rather I would like 
to know a bit more about how this "feature" is implemented, and 
precisely what it does and when, and if it is at all possible to 
disable or prevent it from accessing the server?


Regards,

Adam.