january 10, 2005I switched the firewall from SmoothWall over to m0n0wall. Although I liked SmoothWall and its interface, it was lacking in some features and had some worrisome problems:
- Though there is IP Filtering, it is not as configurable as it could be. I can filter packets from IP addresses, but I could not filter down to the port level. That is something that should be available. There is an add-on that enables that functionality, but it seemed to have broke my installation when I added it.
- There are a lot of complaints about the developers of SmoothWall. The biggest one is that the free SmoothWall is neglected and is only a real way for them to try to sell-up to the commercial version. That would not be so bad if they actually tried to look like they cared. The scary thing is that things like the mailing lists for the free distribution are broke.
- Though the distribution is free, there are some questions about the licensing of SmoothWall. People have suggested that if you want to use SmoothWall, try the completely Open Source and free IPCop instead. IPCop was forked from SmoothWall to be a completely free distribution and a lot of the features are the same.
- SmoothWall installs to the harddrive a distribution of Linux. That's bad? Kind of, if it can be installed onto media that is read/write, then it can be hacked. That would be bad. Also running the harddrive just for a low-utilization firewall would be a waste of energy.
M0n0wall is based on FreeBSD (not Linux like SmoothWall), which some purport to be safer than Linux. I won't touch that one since I use Linux for my main server. But, m0n0wall comes with the IP filtering that I was looking for. It also boots and runs directly off a CD -- the only writable media is a floppy disk, this might be a security risk, but not as big as having a complete OS on media that is writable. M0n0wall is also a completely free piece of software. Their mailing lists work too. I like it because it is so easy to setup and yet so powerful. To backup? Just save the XML configuration file and you're done. More on m0n0wall later, I think this is a keeper.
<< back || ultramookie >>