 
 From:  Uli Wachowitz <uli at wach dash o dash witz dot de>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] suggestion
 Date:  Wed, 2 Jun 2004 21:50:47 +0200
2004-06-02 20:28, Adam Nellemann wrote:

> such as MRTG or similar, providing that you have some always-on box on

Agreed

> That being said, I can see the use of such a feature on m0n0wall 

Me too

> Well, that is always an easy opinion to have, IF you are lucky enough 
> to have access to one or more always-on box(en) and 

Again, I agree. The fact that not everyone has the possibility to own
those 'always-on-boxes' has to be considered. I don't know right now
what to answer in that case.

> IF you happen to know how to setup and use such tools!

If you don't know, you can always learn it. I mean, if you are
responsible for a firewall or your amount of traffic, you should have
enough ambition to learn that.

> typically don't seem to recognize the fact that many people do NOT 
> have this option

Believe me, I recognize this fact. As I said above, I don't know what to
answer in this case. Maybe I'm a bit arrogant, but I'm just phrasing my
opinion.

> This is especially true for a project like m0n0wall, which was hardly 
> meant to be a tool for hardcore corporate server admins

OK, point for you

> Yes, IF you know how to set it up and use it

Learn it

> IF you have a box to run

Built one

> Apparently, and not only have we heard it often before, but it is also
> quite a narrow-minded way to look at things (IMHO, and no offence 
> intended), m0n0wall in particular, which was never meant to be JUST a 
> firewall, as there would then be only one page in the webGUI, namely 
> the one with the firewall rules!

Mhh, if so, I might have misunderstood the intention of this project

> I'd suggest that you find such a product then, because m0n0wall 
> obviously isn't it, seeing as it has NAT, Traffic shaping, DNS 
> forwarder, DHCP server, DynDNS client, and... and... All of which 
> can't be said to be strictly firewall related.

This depends on how you define 'firewall'. One could (and should) also
say that a firewall is a concept, not only a box full of functions.

> I accept the fact that I can't expect m0n0wall to have all and every 
> feature I want or need, and more to the point: That it might have some
> that I don't need or want. I don't understand why certain people have 
> such a hard time accepting this "fact of life"?

*sigh*

> Oh yes, and I'd like to apologise for being instrumental in 
> perpetuating this discussion. Also, if any of the above come across as
> "flaming", I'd like to apologise for that too, 

No, believe me, I'll never see answers like yours as flaming. We are all
different individuals with different points of view. As long as we
discuss things in a fair and respectful way every opinion should be
listened to.

> I'm perfectly happy with any additional feature m0n0wall gets, as long
> as the various security, storage, and other issues are taken into
> account.

The more features, the more points of failure. But I see your point.

> why would I want to have yet another 
> complex box, full of moving, noisy parts, 

Because it's fun to assemble something like this?

> running in my dining room 

You need a separate server room ;-)

> That, IMHO, is an option suited for admins of large corporate 
> networks, where uptime, stability and extreme and convoluted security 
> measures are appropriate concerns.

Well, you've just described my Home-LAN

> Also, I still haven't heard any really good arguments against adding 
> these things? As long as they do not pose a potential security risk or
> take up extreme amounts of CF space or RAM, and can be disabled (or 
> come in the form of user installable modules), 

Avoiding security risks will become more and more difficult the more
features you add. Making features as modules would give the users the
freedom to decide what risk to take.

> I'm not saying that the suggested feature, or any other, should be 
> added without due consideration, just that there are very good 
> arguments for not making m0n0wall a "firewall is a firewall is a 
> firewall" product.

This depends on everyone's personal point of view. Mine is, it is a tool
to secure my net, with VPN if I like, etc. If I want some colorful,
noisy gizmos and fancy reports and bells 'n' whistles, well, ok, I'll know
my way to get all this, but I simply don't like those fancy things on a
device which is 'merely' responsible for my protection.

> (I just hope I didn't offend too many people in the process?)

Same goes for me

uli

-- 
Prayers have no place in school, just as facts 
have no place in religion! - The Simpsons