Feature request

Home Page Forums Network Management ZeroShell Feature request

This topic contains 1 reply, has 0 voices, and was last updated by  msromike 11 years, 9 months ago.

Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • #40762

    msromike
    Member

    It would be nice if ZeroShell included support for UPnP port forwarding. In the meantime is there a way for me to add that module to my hard drive insallation?

    #45824

    imported_fulvio
    Participant

    I don’t feel that the use of UPnP to automatically create port forwarding rules on a router is a good idea.
    When you use a router with the NAT enabled and on your LAN is assigned a private subnet (ex. 192.168.0.x), the hosts are automatically protected from malicious access incoming from Internet.
    But if the router UPnP aware, enable a port forwarding when a Virus which uses UPnP tells of doing it you expose your LAN to security risks (ex. backdoors).
    In any case, if you want to make your ZeroShell firewall UPnP aware, you should install linux-igd package (http://linux-igd.sourceforge.net/).

    Regards
    Fulvio

    #45825

    msromike
    Member

    @fulvio wrote:

    I don’t feel that the use of UPnP [..] on a router is a good idea. [..]

    with the NAT enabled [..] hosts are automatically protected from malicious access incoming [..]

    UPnP tells of doing it you expose your LAN to security risks [..]

    ZeroShell firewall UPnP aware, you should install linux-igd package [..]

    I thought you might say that. Anyone running this software should be knowledgable enough to know how their implementaion effects security.

    If you had your firewall configured to “deny anything not permitted” (Corporate LAN) then UPnP might foil your security plan. Most service providers and home users run a “permit everything that is not excluded” type of firewall. This type of malware is usually able to traverse a NAT box. Anyway, just another opinion.

    I had been looking at that package and am glad that you think it will work. Thanks.

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.