SmoothWall 1.0 has been released and LinuxOrbit has a related article. On another distro release, for BeOS this time, Developer Edition v1.1 is out. It includes many new drivers and system improvements.
SmoothWall 1.0 Released
About The Author
Eugenia Loli
Ex-programmer, ex-editor in chief at OSNews.com, now a visual artist/filmmaker.
Follow me on Twitter @EugeniaLoli
It’s nice to see that the devs of this project decided it was mature enough for a 1.0 release (especially now that 2.0 is at beta 2). Good solid product.
Any other thoughts on Smoothwall? How does it compare to other firewalls? Does anybody have a webpage explaining the differences/advantages/disadvantages amoung various firewalls ?
I haven’t tried any other software firewalls, but I can relate my experiences with Smoothwall. The updates are released pretty frequently and it is quite easy to update. Administration is easy as well (all done via the web interface). The fact that it supports many dynamic-dns/ip services is a nice plus. It is also very low maintenance (I visit the web interface rather infrequently, and I haven’t touched the box, which resides in my closet, since I installed it). If you are a newbie (which I was when I first set it up), the setup program can be a little hard to understand (the terminology is not explained directly in the setup, so if you don’t understand it, you don’t know what you are doing), and reading the setup documentation is a must. Other than that, it’s solid, and serves my purpose nicely.
I can only compare it to Shorewall, which was a PITA so setup.
Smoothwall is SO much easier to use and maintain. As Dave said, everything is set up using a web interface, including applying patches. It even finds available patches automatically.
Good intrusion detection and builtin whois (just mark the suspicious adresses and press whois).
The only downside is that it partitions your drive for you, wether you want it or not. So make sure you’ve backed everything up before installing it.
Quite similar to ipcop, indeed ipcop uses much of the same codebase. I have set up ipcop and it is painless, since they are so similar I would assume smoothwall is fine.
http://www.ipcop.org
See http://www.mandrakeforum.com/article.php?&mode=nested&sid=2435 for example,
Or do a google groups search for Richard Morrell.
IPCop’s main stable branch, version 0.1.1 or 1.1 (whatever they’re calling it this week), hasn’t had an update since July 2002. Since then, there have been vulnerabilities in FreeS/WAN, OpenSSL, and the Linux kernel to name a few. None of these have been patched, except in their development versions, and in the dev versions you are expected to rebuild a new version from CVS, or dig out one of their non-functional ISO builds (the last two builds of 0.1.2 or 1.2 didn’t boot from CD!), and reinstall from scratch – there are no security updates for their longstanding beta builds.
As a sidenote, they forked SmoothWall for show, for publicity. They keep vaunting that they’ll remove all SmoothWall code. This was going to happen in 2.0, right after 0.1.2 or 1.2. Now it’s going to happen around 1.5. Which comes after 1.3 and 1.4.
However, this isn’t a personal thing – I wouldn’t touch ipcop with a bargepole simply because the attitude there realistically is “let’s do this to annoy SmoothWall”, instead of “let’s provide the best security we can to our users”. There are actually companies deploying ipcop 0.1.1 to their customers! How can they justify deploying a platform that isn’t updated, and has been proven to be vulnerable to things like the OpenSSL worm!! Madness!
[this is my opinion, not necessarily that of my employer, or my project teammates]
I’ve had a SmoothWall box running at the office at my church for almost two years now. It supplies a network of four computers with dial-up internet access. I think it’s a great product. The only problem we ever had was when the log files filled up the partition… It stopped routing, and took me a couple minutes to figure out why. I set up a cron job to delete out all but the current and last backup every fourth month, and it’s been trouble-free for nearly a year. It runs on a headless 486/33 with 64MB RAM and 512MB hard-drive.
This is the first time I have ever heard anybody besides myself make this point, neuro. I would avoid IPCOP like the plague until they get their act together. Smoothwall is easy to administer (5 minute install, too!), but I wouldn’t use it “out of the box” as it does not filter ports above 1024. I never had a desire to use or learn IPCHAINS, so I have relied on FreeBSD and IPfilter, which is fairly easy to make incredibly stealthy. It is, however, a PITA to administer for a simple home gateway. I plan on installing 2.0 once it is released and modifying the rules to be more secure. Yet another packet filter to learn…
After reading the contents of the Developer Release 1.1, I decided to give it a try…. only to discover that this is yet another website that I have to register with just to get any where.
I could understand this if it were a “developers only” download… but this is clearly designed to be a product for the masses. It turns out that http://www.beosonline.com is yet another gay website that demands registeration to get anywhere.
What’s next? Do I have to sign a NDA stating that I won’t discuss what’s on the website? DNA sample? Do they want a pee test just to download a file?
Fine.. fine.. It’s their right to have whatever restrictions on their website that they wish. Just as it’s my right to tell them to piss off.