Agree with your opinions. +1dondavis007 wrote:Off cource it's good to have a good firewall in the nas, most people don't have a Juniper or piece of a Clavister Wolf series at home
What I can see this OS just have port forwarder and an auto block, you can't use anything more advanced on the osi-layer that I know of?
I'll also say that it's good to have a good firewall behind even a hardware firewall, if you running it in a bigger environment or just don't want your brother trying to hack your old software
I'm not saying there is no need for a firewall on the NAS, but if you need to block certain ports from the internet I have to ask why the internet has access to those ports in the first place. I do not believe any NAS is designed to sit on the internet but on a lan. and that in my opinion that lan should be firewalled from the internet and only relevant ports exposed. If I want to run a webserver on my NAS I would open port 80 and forward to the NAS and only port 80. Therefore the NAS does not need to block any other port as the internet has no access to them. In a domestic environment a basic firewall on an openwrt or ddwrt router is probably ample if care is taken in network configuration. Investing in a bespoke firewall on the NAS like AV on the NAS could lead end users into a false sense of security especially if they use upnp. There is nothing wrong with having everything firewalled if it is done right, it is just that for most users it could end up causing problems and a false sense of security and a lot of work, a properly crafted firewall is a thing of beauty, a badly crafted one is a disaster waiting to happendondavis007 wrote:Off cource it's good to have a good firewall in the nas, most people don't have a Juniper or piece of a Clavister Wolf series at home
What I can see this OS just have port forwarder and an auto block, you can't use anything more advanced on the osi-layer that I know of?
I'll also say that it's good to have a good firewall behind even a hardware firewall, if you running it in a bigger environment or just don't want your brother trying to hack your old software
and I have more than my share of disasters which is why I would rather have it as an app that is an option to install for those that believe they need it and are willing to spend time configuring it and learning how to use it.ho66es wrote:I'm not saying there is no need for a firewall on the NAS, but if you need to block certain ports from the internet I have to ask why the internet has access to those ports in the first place. I do not believe any NAS is designed to sit on the internet but on a lan. and that in my opinion that lan should be firewalled from the internet and only relevant ports exposed. If I want to run a webserver on my NAS I would open port 80 and forward to the NAS and only port 80. Therefore the NAS does not need to block any other port as the internet has no access to them. In a domestic environment a basic firewall on an openwrt or ddwrt router is probably ample if care is taken in network configuration. Investing in a bespoke firewall on the NAS like AV on the NAS could lead end users into a false sense of security especially if they use upnp. There is nothing wrong with having everything firewalled if it is done right, it is just that for most users it could end up causing problems and a false sense of security and a lot of work, a properly crafted firewall is a thing of beauty, a badly crafted one is a disaster waiting to happendondavis007 wrote:Off cource it's good to have a good firewall in the nas, most people don't have a Juniper or piece of a Clavister Wolf series at home
What I can see this OS just have port forwarder and an auto block, you can't use anything more advanced on the osi-layer that I know of?
I'll also say that it's good to have a good firewall behind even a hardware firewall, if you running it in a bigger environment or just don't want your brother trying to hack your old software
