Captain Crunch's New Boxes, Part II 423
micsaund writes: "It looks like the infamous Captain Crunch has been toiling away for 3 years on a firewall now known as the Crunchbox. It runs OpenBSD and is administered via a web-based interface. Steve Wozniak is quoted as saying it's 'next to un-crackable.' Check it out at ShopIP. The Register also has an article on it. As an aside, since the Linux Router Project (LRP) appears to have been sold-out and GnatBox is a tad expensive, is anyone aware of some kind of 'packaged' firewall with a slick interface available for free?" We mentioned Draper's venture into firewalls last year, but there's been some progress since then.
Re:Free Firewall... (Score:3, Interesting)
From what I can gather, his attitude could use some serious positive adjustments.
He does provide a FREE fw, but it wouldn't excuse his behavior IMHO, should the IRC logs and such posted on the net turn out to be true.
Cheers!
SINCE WE'RE ON THE SUBJECT... (Score:3, Interesting)
Fast, reliable, application level proxies - with the ability to log at different levels (and run on linux).
Where can these be found?
Both generic tcp/udp proxies and application aware "smart" proxies (i.e. H.323, NetMeeting, RealAudio, etc.). I know a lot of this funationality exists in the kernel, but I'd love to have proxies for those pesky protocols that decide on random high ports. If it could see and understand the "conversation", it could then, on the fly, proxy the appropriate (randomly selected) ports.
If I am completely missing something here (i.e. I'm a moron?!), let me know. I can take it. I think??
FWTK: Not a fancy interface... (Score:4, Interesting)
http://www.fwtk.org/main.html
There's still a lot of support and I believe an active mailing list.
I put one together 5 years ago, and the company I work for still uses it for their mailing host.
Interface? There is none. But it works pretty damned good if you're willing to spend 1 day understanding how it works.
Not a bad deal.
Re:Correct Smoothwall Archive URL (Score:2, Interesting)
My concern in some areas with Smoothwall is that a good deal of the security they had in place at the time of my conflict with them, was based on a ''They'll never get to root anyhow'' mentality. My main suggestion, GCC, is something that could only be exploited from a root login. Honestly, once a root login is compromised, your firewall is essentially useless as a security tool. And seeing how root is claimed to be the only login id available on a Smoothwall system, it would stand to reason that any access would be catastrophic.
However, the crux of my entire line of reasoning was that "for my needs" I'd like a system that had those features. Its perfectly understandable, expected, and encouraged that Smoothwall and other projects target whatever userbase they want to. But by giving me the terse response they did, instead of saying "We're not targeting the small home user who wants a web presence, sorry." it just really rubbed me the wrong way. They could even have left out the "sorry".
That's fine, that's cool, I said as much repeatedly in my correspondence. However, I kept being treated with the same lack of respectable treatment that Richard is increasingly known for. For me, right after the IRC conversation, it became a matter of the lack of courtesy with which I was treated feeding the flames. Pun not intended.
I'll admit to my faults in that exchange, but don't expect the same from Richard or his team. And that, to be honest, is where Smoothwall really fails.
Re:Smoothwall Attitude Problems (was: Smoothwall) (Score:5, Interesting)
The FAQ devotes 32 of 88 pages to how to correctly interact with the community, with such topics as "On Not Reacting Like a Loser" and "RTFM and STFW: How to tell you've seriously screwed up."
Furthermore, the remaining 56 pages are liberally sprinkled with the same: "Asking this question on the mailing list or IRC will inevitably result in the verbal equivalent of being hit round the head with a baseball bat. The answer is NO."
While I appreciate the sentiment of these statements, devoting nearly half of the document to this topic might be a little overboard.
Re: Updating Smoothwall yourself? (Score:4, Interesting)
I mean, honestly, it's probably a little "over the top" to ban your IP over the question -- but looking at it from the author's side for a minute; You're basically trying to modify the package to suit your specific needs. If you do this, you run a risk of introducing new code that's untested as to the level of security inherent in it. If the author helps you do these modifications, and then your box gets hacked later, how do you think that reflects on his original product?
Richard Morrell may have his share of attitude problems, but I don't think this is really a fair one to use against him. Firewalls are *not* supposed to run other services. People keep trying to add ftp, printing and Samba file sharing services to Smoothwall, among other things - and it's just a BAD idea.
Re: Updating Smoothwall yourself? (Score:1, Interesting)
Think about it: Darren Reed, Richard Morrell, Theo De Radt, etc. etc.
They all share common traits: bad attitudes and superiority complexes.
From what I read and understand, Richard Morrell is just a mean wanker, with no justification or provication. Darren Reed and Theo deRadt aren't so flamboyant as Morrell. They are pretty understanding, and you can atleast communicate with them, unless you are one of the other.
They seem to be stubborn more than anything; however, they have the right to do what they want with their respective projects.
I think the source for all of this is, of course, insecurity (in a personal, non computer related way).