This was posted on 6/19/10 at the Untangle forums:
The UVM only processes TCP and UDP packets. This is done for performance. All packets transferring from one interface to another on the Untangle server are subject to the UVM.
This is why by default the DMZ is bridged to external. You can assign servers Internet IP addresses, and defend them with the UVM's abilities transparently. More and more people are wanting to configure Untangle for the more traditional routed and NAT'd DMZ approach... but such a thing is more difficult.
You should also be aware that the bridging or routing is performed by the Linux kernel. In cases when the UVM is offline, packets will pass uninspected. This leaves every Untangle server an opening for a few seconds to a few minutes on each reboot. There is a gap between when the Java runtime spins up and loads the UVM, and the kernel starts passing packets.
Is this how all software firewall installs work? That is a HUGE security vulnerability at startup.
Also found out Untangle does not drop ICMP packets since it works at the UDP/TCP level. Additionally, I do not utilize SMTP email so the spam and phish blocker won't help me.
Not sure Untangle is the way to go for me. Is this true regarding the kernel and when the UVM is loaded?