SmoothWall Firewall Review

ray-x sent in a pointer to a review by c't of the Smoothwall firewall product. c't's reviewer described several flaws in the firewall. We asked Smoothwall for their comments on the review, which are posted below.

Daniel Goscomb, one of the lead developers of Smoothwall, responds:

In our opinion this article is extremely badly researched and written. Furthermore it shows a lack of knowledge on the author's part.

The main concern he has is that of people being able to log in to the firewall and read configuration files. This point is irrelevant as there is only a single user that can access the shell, root. This also removes the need of shadow password files, if you have access to the machine to get the passwd file, you are already in as root anyhow.

Secondly he complains of plain text passwords for the ppp passwords. This is not our doing. The passwords are stored in this format as pppd requires them to be in plain text in the two files. He also mentions that the permissions of these files are wrong. If he looked a little more closely he would have seen that they are in fact symlinks to the 2 real files, which do have the proper permissions on them.

He also mentions the same "problem" with the shared keys system in FreeSWAN. Again, they are stored like this as FreeSWAN requires them in this format to read them.

As to the part about user authentification of the CGI scripts. This is completely irrelevant. There is no authentication in the CGI scripts. The authentication is done via .htaccess files, and has no interaction with the CGI at all, other than when you change the passwords.

I also find it disturbing that the author gave us no room for comment in his article, nor did i see anything to suggest he had even asked us about these so called "problems". We would have been happy to answer any questions he had.

Sincerely,

Daniel Goscomb.

Re:Smoothwall is Great!

[beezly]

Walnut - don't be daft what use would a walnut firewall be?

Re:No room for comments?

[snake_dad]

And how exactly would shadowing help against over-the-shoulder-lookers? Oh wait, I get it, you create a shadow over the keyboard so it can't be seen.... Better pray that there is no IR filter on that security camera.

I know... I know, don't feed... oh well.

The name?!?!

[mikael]

I don't want to buy a product made for stopping criminals that is called "SmoothWall". This is like calling a Rottweiler "Sugar". Gimme a better name, like "Brickwall", "Barbed wire" or "Minefield.

Mikael

Re:Smoothwall & GPL

Dude, I hear you - I've not posted yet tonight, just sat and watched lame idiots attack me. How many of them sold their car so GPL people could have software, or instead of taking a holiday donated the cash to buy hardware for a project or to pay for needs ??

I've sunk approaching $71,000 into SmoothWall and people on here talk about donations ?? What donations ?? If you count $118 in 2 weeks as donations I'll get a job flipping burgers.

I am proud of SmoothWall if you don't care about that then sleep tight, I do. I also care about my team and my staff and I work 110 hr weeks for little pay to write good software.

The fact I run a corporate company helps subsidise the goits and the wannabee GPL coders who don't really have the first fucking clue how the real world works.

Not my issue - I have NOTHING to prove.

Richard

Re:Try OpenBSD for a firewall with minimal hardwar

[doorbot.com]

It is fairly simple and easy to use. (If you are familiar with Unix).

Is it just me or does that qualifying statement completely negate the previous statement?

Of course it's "simple" and "easy to use" if you already know what you're doing.

Re:Smoothwall & GPL

[Futurepower(tm)]

He's right, you need more sleep. It is self-destructive not to get enough sleep. You probably don't realize how crabby you have become.