
Non Sophos binaries (or feature request for new installed utility)

Hi,

I have in the past used the XG Home firewall and set it up for a friend last week who has new children to protect and have decided I want to move back to it as well.  I have a more complex home network (and needs) than he did, and need a couple more items as a result.

1.  Avahi (do not need any bus bindings) - I have an automated IoT household and my devices are all on a private / protected subnet currently.  Of course, the way all of our gadgets use mDNS nowadays, it makes it impossible to find them without an mDNS bridge or repeater.  It does not make sense to install another computer to bridge them as it just makes another security device to manage.  I do not mind installing my own compiled version of avahi, but it would be a nice feature of the home (and corporate versions, to find printers, e.g.) I think.

2.  NTP server / client - like chrony (do not think an explanation is required)

Questions:

1. Will the router drop packets with rule_0 before my rules to allow these connections to it are applied?  I have not so fond memories of rule 0 :)

2. Has it been considered to allow rule 0 modifications yet?  It is really bad practice (I would never buy a product that did not allow me to modify *all* settings relating to my network) in my opinion.

Thanks in advance,

-Greg

  • No, I understand completely - I build global networks by day.  My issue with rule_0 is that it catches traffic I do not want caught (like dup packets on a single interface, or the same packet on multiple interfaces - a common DMZ setup).

    I would have to create individual rules for each thing I find rather than turning the checks off and keeping my config simpler.  If it was in a corporate environment, I would have to train the damn NOC for all of these nuances so they did not break stuff during maintenance windows and wake me up with the puzzled voice @ 2am  :)

  • When I was building networks not that long ago, I would want to know about duplicate packets because they mean you either have a failing device or a security issue where something is capturing and resending the packets, e.g. spoofing.

    The only thing appearing on multiple interfaces should be broadcasts etc.

    ian
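The two conditions the thread discusses, the same packet repeated on one interface and the same unicast packet received on more than one interface, can be checked from a capture summary before deciding whether such traffic is a failing device, a replay, or just a multi-homed segment. The script below is an added example, not Sophos code and not part of the original thread; it assumes an ingress-only capture summary (packets as received by the firewall, so a routed packet is counted once) with a constructed record format of interface, source, destination, IP ID and payload hash, and it exempts broadcast and multicast destinations (which legitimately appear on several interfaces, including mDNS reflected between subnets).

```python
"""Flag duplicate packets per interface and unicast packets received on
more than one interface.  Added example; the record layout and the
sample capture are constructed for illustration."""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address


@dataclass(frozen=True)
class Pkt:
    iface: str          # interface the packet was RECEIVED on (ingress only)
    src: str
    dst: str
    ip_id: int          # IPv4 identification field
    payload_hash: str   # hash of the L4 payload (abbreviated in the sample)


# Constructed sample capture from a home firewall with LAN, IOT, DMZ and WAN.
SAMPLE = [
    Pkt("LAN", "192.168.1.10", "192.168.1.1", 100, "aa"),
    Pkt("LAN", "192.168.1.10", "192.168.1.1", 101, "bb"),
    Pkt("LAN", "192.168.1.10", "192.168.1.1", 101, "bb"),   # exact repeat on LAN
    Pkt("LAN", "192.168.1.10", "224.0.0.251", 5, "mdns"),
    Pkt("IOT", "192.168.1.10", "224.0.0.251", 5, "mdns"),   # multicast reflected: expected
    Pkt("DMZ", "10.0.0.5", "192.168.1.20", 77, "cc"),
    Pkt("LAN", "10.0.0.5", "192.168.1.20", 77, "cc"),       # same unicast packet received on DMZ and LAN
    Pkt("WAN", "203.0.113.7", "192.168.1.20", 9, "dd"),
]


def is_broadcast_or_multicast(dst: str) -> bool:
    """Multicast (224/4, ff00::/8) or the limited broadcast address.
    Subnet-directed broadcasts would need the interface prefix; not handled here."""
    if dst == "255.255.255.255":
        return True
    return ip_address(dst).is_multicast


def pkt_key(p: Pkt):
    """Identity of a packet independent of the interface it was seen on."""
    return (p.src, p.dst, p.ip_id, p.payload_hash)


def find_duplicates(pkts):
    """Return (same_iface, cross_iface).

    same_iface:  (iface, key, count) for packets received more than once on one interface.
    cross_iface: (sorted interfaces, key) for UNICAST packets received on several interfaces.
    """
    seen = defaultdict(lambda: defaultdict(int))   # key -> iface -> count
    for p in pkts:
        seen[pkt_key(p)][p.iface] += 1

    same_iface, cross_iface = [], []
    for key, per_iface in seen.items():
        for iface, n in per_iface.items():
            if n > 1:
                same_iface.append((iface, key, n))
        if len(per_iface) > 1 and not is_broadcast_or_multicast(key[1]):
            cross_iface.append((sorted(per_iface), key))
    return same_iface, cross_iface


def report(pkts) -> list:
    """Human-readable findings, one line each."""
    same, cross = find_duplicates(pkts)
    lines = [f"repeat on {iface}: {key[0]} -> {key[1]} id={key[2]} seen {n}x"
             for iface, key, n in same]
    lines += [f"unicast on multiple interfaces {ifaces}: {key[0]} -> {key[1]} id={key[2]}"
              for ifaces, key in cross]
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE):
        print(line)
```

A repeat on a single interface points at a retransmitting or looping device, while a unicast packet arriving on two interfaces usually means two segments are bridged or mirrored where they should be separate; both are worth a rule or a ticket rather than a blanket exemption. Genuine TCP retransmissions can share a payload hash, so on real captures widen the key (TCP sequence number, or a timestamp window) before treating a repeat as suspicious.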