SmoothWall Firewall Review

ray-x sent in a pointer to a review by c't of the Smoothwall firewall product. c't's reviewer described several flaws in the firewall. We asked Smoothwall for their comments on the review, which are posted below.

Daniel Goscomb, one of the lead developers of Smoothwall, responds:

In our opinion this article is extremely badly researched and written. Furthermore it shows a lack of knowledge on the author's part.

The main concern he has is that of people being able to log in to the firewall and read configuration files. This point is irrelevant as there is only a single user that can access the shell, root. This also removes the need of shadow password files, if you have access to the machine to get the passwd file, you are already in as root anyhow.

Secondly he complains of plain text passwords for the ppp passwords. This is not our doing. The passwords are stored in this format as pppd requires them to be in plain text in the two files. He also mentions that the permissions of these files are wrong. If he looked a little more closely he would have seen that they are in fact symlinks to the 2 real files, which do have the proper permissions on them.

He also mentions the same "problem" with the shared keys system in FreeSWAN. Again, they are stored like this as FreeSWAN requires them in this format to read them.

As to the part about user authentification of the CGI scripts. This is completely irrelevant. There is no authentication in the CGI scripts. The authentication is done via .htaccess files, and has no interaction with the CGI at all, other than when you change the passwords.

I also find it disturbing that the author gave us no room for comment in his article, nor did i see anything to suggest he had even asked us about these so called "problems". We would have been happy to answer any questions he had.

Sincerely,

Daniel Goscomb.

W00H00!

Posta da firsta

Daniel Goscomb seems far too complaintent

[byolinux]

That doesn't seem to be little more than excuse talk to me.

Smoothwall Firewall

Guys,
SHould I put one of these firewalls to protect my Linus beowulf cluster?

I don['t want any body who is not authorized to play with my cluster.

Typical Developer Reaction

[tthomas48]

Do they teach this response when pursuing a Computer Science degree? "Obivously you can't do it, because I can't think of how to do it." Sheesh.

Sexist behaviour @ SmoothWall

This photo of a woman's chest is highly inappropriate for a commercial firm.

G.O.A.T.S.E.

Ladies and gentleman, put our hands together for the largest ass on the Internet

G to the izz-O, A to the izz-T, S to the izz-E

Welcome ladies and gentlemen to the 8th wonder of the world
The ass of the century, oh it's timeless, GOATSE!
Thanks for clicking that link
You coulda been anywhere on the web
But you're here with me
I appreciate that...

G to the izz-O, A to the izz-T, S to the izz-E

Reading drivel on that press release 'bout VA (Linux)
Was wondern' why they changed their names
Dumped that dirt cheap stock, through with them
If I worked there, I'd quit, no way I'd work for them
Wasn't born a coder, I just make fun of em'

G to the izz-O, A to the izz-T, S to the izz-E

Porno for freezy keeps my hard drive so sleasy
Can't leave Everquest alone, the game needs me
Hex editing my name into VB progs, it ain't easy
Slashdot wanna IP block me, I get a proxy
And somehow, I beat the lameness filter like Rocky

G to the izz-O, A to the izz-T, S to the izz-E

Not guilty, he who mods me down is not real to me
Therefore he doesn't exist
So poof... vamoose son of a bitch

[Chorus]
G to the izz-O, A to the izz-T, S to the izz-E
Reading drivel on that press release 'bout VA (Linux)
G to the izz-O, A to the izz-T, S to the izz-E
That's the anthem get'cha damn hands up
G to the izz-O, A to the izz-T, S to the izz-E
Not guilty ya'll got-ta feel me
G to the izz-O, A to the izz-T, S to the izz-E
That's the anthem get'cha damn hands UP!

Holla at me...
I do this for the posters
To let 'em know what enlarged ass look like... when they shoulda looked at that link closer
Show 'em how to avoid a room full 'o taco snot coaxers
Get some good trolls in before the story's over
Posts with redirect goatse links even get modded up
I'm dissin JonKatz for those 15-year-old boys he seems to have a crush
Pay for premium Slashdot? You gotta be kidding us
If /. ain't profitable, pimp your boy whores for mo' bucks

[Chorus]
Yeah...
GOATSE is back, trollin' parody of rap
Go on, click that link, view the crater in that crack
Like I told you sell boys, no
JonKatz does that so hopefully you won't have to go through that
I was raised on Windows, point and click
If you don't like that, you can suck my dick
Got an X10 camera, focused on my ass
Wanna see the picture? PayPal me some cash
Threshold under 0, why I got it so low?
Save good trolls on my disk, watchin' all the time for more
So you know I seen it all before
I seen redundant on karma whores when their link post was too late
Crapfloods and mod downs, the two things I hate
A good troll modded up, the two things is great

G to the izz-O, A to the izz-T, S to the izz-E

What else can I say about Slashdot, it'll turn a man gay

[Chorus]
G to the izz-O, A to the izz-T, S to the izz-E
(4x to fade out)

The above has been brought to you by the fine folks of Frost Pist Brewery. Frost Pist Beer - Always ICE BREWED for a THICK head.

Re:The review is full of crap..

What, chicken to post in anything but anonymous mode? Loser.

Important Question: Read this right now

What is the address of the "Troll Tuesday 2001" website? It includes a picture of CmdrTaco and one of the other editors involved in anal sex.

Thank you

Re:Reveiwers have to listen...

[HiltonT]

Hi, I was in #smoothwall at that time too. I agree with Hellcore's comments - the "reviewer" came on and refused to admit he was writing an article, had an obvious agenda, and failed to listen to anything that anyone said. The fact that SmoothWall is designed to protect your LAN **from** the Internet was ignored. SmoothWall was not designed to protect your LAN **from** internal users. Regardless of this, there is only a single account that has a shell - "root" - and shadowing passwords and hiding passwords from this user is next to useless. If someone manages to gain shell access to the SmoothWall machine, they already have root access. Your box is gone. Just remember that this has not happened. There have been no known successful hacks on an un-modified SmoothWall. Secure? Yes, it is. Regards, HiltonT

Re:No more comments on Morrell, please! Try IPCop!

[wpanderson]

Once again, another ipcop troll/spam. ipcop is a project whose manager is spamming unrelated mailing lists about their SmoothWall fork. Yes, that's all it is, a fork. Plus it's a project that's having to be reminded by SourceForge of their obligation as a GPL-derived project by giving proper and full due credit to the project they are derived from.

slashdot only for Trolls

Soon everyone will realize that slashdot is only for trolls, and no one else.

Furthermore, science is for gayrods.

--WinXP forever.

Re:Not a real firewall review

w3rd! +h15 d00d fu>0ring 0wNz y0ur @55

gr33tz to pr0pz4, p1mpz0r 4nd nUmBnUtZ

Re:My Experience with Smoothwall's Richard

[wpanderson]

> It was the eve of the 0.9.8 release

It was actually the eve of the 0.9.9 release, 4 days after September 11th. As your email archive shows, I kept telling you to let things go - there were, and still are, worse things in the world to worry about than people giving you perceived attitude.

Go hug a loved one or something.
</peacenik>