Computer security is shit

Yeah, I hear you. The reason I use it anyway is I think it’s overall very well-conceived; with just a modest bit of clicking around in the firewall setup screens, I can set up a PF rule set which matches what I once used to do with literally days of laboring over PF rules on an OpenBSD box. I used to be partial to setting up the firewall as a transparent filtering bridge, though now that I’m on a single IP from the cable company at home, I don’t bother and just make it the visible gateway.

I also like the package support - rather than shoe-horn everything under the sun into it, a lot of the services beyond the basics are optional packages which you can enable and download if you want them.

As to the PHP GUI, I think it was inherited from its predecessor, monowall (or m0n0wall if you’re real l33t.) The good news about the web UI is:

  1. It’s set up by default to be accessible from the “inside” interface only, and firewalled from the LAN side. Not a panacea, but cuts the risk.
  2. They’ve finally gathered the resources to rewrite it, and in the next version are ditching PHP for something called Bootstrap, so I feel better about that, even if it’s reasoning from ignorance.