Samba Package - $125
-
If this does get implemented I would hope to see it turned OFF by default as extra services such as this on a firewall would be quite a security risk.
-
IF this gets implemented it will for sure be a package and not be shipped with the default install. You will have to manually add it.
-
I don't understand this. Why would anyone even want a package such as samba to even be available for a firewall? What on earth would you use this for?
Not trying to be rude, i just want to know what you are thinking/planning.
-
A firewall is a firewall and not a file server, sorry
-
I was going to point the original poster to the FreeNAS project yesterday until I realized he wanted to use all of the "extra" space on those 80 GB drives when pfSense is installed on them so FreeNAS isn't a player.
I agree on the "no extra services on a firewall" approach with the rest of the crowd so I'd say to "bite the bullet" on the wasted disk space.
-
While most of us agree that a file server on a firewall isn't ideal, and wouldn't do it ourselves, for some people in some circumstances it's acceptable for them to do this.
This is a perfectly legit bounty. I don't know that there will be much interest in it at this point from any developers, but it's worth putting out there.
One of the reasons this project was created was because m0n0wall maintains a very purist approach, which I personally love. But we're giving people the ability to have additional functionality, though with the potential of shooting themselves in the foot, with the package system.
Rest assured there will never be anything of this nature in the base system, but expect to see all kinds of things you purists don't want on a firewall available in packages.
-
A firewall is a firewall and not a file server, sorry
then why have the squid server package? a proxy server isn't a firewall
why the freeraduis package? a firewall isn't an authenticating server (if so why not add authpf?)
iminspector pkg? a firewall isn't an im inspector
spamd pkg? a firewall certainly isn't a spam honeypotall that aside the pfSense project was ment to run on a lot beefier hardware than that of m0n0wall. That being said, since one of the cheapest hard drives you can get is an 80gb, why not use it?
from the main page-
"pfSense is a open source firewall derived from the m0n0wall …... integrated package management system for extending the environment with new features."The samba pkg is a perfectly viable feature to add. While I understand why some of the core guys will not want to add this to the base system, I think it would be a perfect add on. I have a couple offices that I run pfSense at and would love to use it just as a secondary backup for the file servers on site.
This and/or an rsync feature would be awesome, and we're willing to kick off the bounty at $125.
i hope others follow suit.as for the security risk, would it be easier for someone who creates the pkg to put it under a jailed environment? I've setup a jail in pfSense with FreeBSD 6.1 inside, and it was fairly trivial to do, so it would probably be the best solution for a Samba pkg.
-
@cmb:
But we're giving people the ability to have additional functionality, though with the potential of shooting themselves in the foot, with the package system.
-
As already explained features like a Samba server will be implemented as an installable package.
So it won't be part of a pfSense base system and hence there's no security risk per se.Samba supports is already part of the FreeNAS package. But this package does not work with the stable version of pfSense!
There's also a design issue whether to store Samba users and groups locally or to use some kind of a backend like a LDAP directory for example. So I would like to ask the original author of this bounty to provide a detailed spec which outlines which Samba feature must be supported (Samba comes with a bunch of tweakable features) and where to store users and groups.
Btw, I'd like to suggest creating a spec prior to posting a bounty as a standard approach cause it really ease the process of creating the actuall piece of software.
Cheers
Daniel S. Haischt -
A firewall is a firewall and not a file server, sorry
I agree. (It does not look as a good security practice to me either).
FYI: take a look at the Openfiler project on the net. It is for me the 'PfSense under the fileservers'. -
how about running it within a jail? or maybe someone could make a package for a full on jail under pfSense?
-
how about running it within a jail? or maybe someone could make a package for a full on jail under pfSense?
Please explain 'it' (Samba or Openfiler).