> > > BTW: The ability to add "LocalNetworks" on the external interface > > > will disappear in a later version. It's a misfeature. > > I find it very useful in allowing remote management via SSH from selected > > addresses. I know I could use PPTP instead, but I like the way it allows > > external workstations to access FTP, SSH etc. > Sure, but they are not "local" networks, and should not be treated as > such. I agree that it would be nice to selectively allow some remote > networks/hosts access to certain services.
Perhaps the "ideal" solution is to remove "local" network support from a default install, and the allow installing it from a blade? For my money, VPN'ing in seems to be more secure, particularly if the user manager screen had a flag that can be used to turn on/off VPN access. (Yes, I know you can do it from the command line, but the point is that it's by default enabled for *everyone*... not really a good idea...) -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
