256MB in 2016 is not onerous.
That's my point. Not that router firmware is/should be in the same league as pf or ipfw, but my understanding is that the latter are 'cheap' in terms of CPU/RAM. In THEORY, and since FreeNAS already seems to be a schizo (not pejorative, but as in VERY versatile) OS, it could ship with locked-down features that are a-la-carte enabled, ports opened etc. following proper engineering/GUI design. Example, enabling CIFS looks to see if machine's IP is LOCAL, otherwise can't be enabled. Interactive warnings and guidance, etc. And I imagine things do get messy fast, and resources would be stretched.
But why not have some sort of port knocking or fail-to-ban auto-configured (through GUI input) as the default? This would be easy to implement I think and not stress the box, right? I imagine SSH is the most used/useful service and also the most commonly misused in risky ways? There is no fail-safe for the poor sods that do make mistakes... god, even plugging in the wrong CAT cable by accident in an enterprise.
To Be Clear, Mr Grinch, I think, is NOT wrong. But store-bought routers have USB ports (shiver me timbers) and HTTP GUIs. Mind you those are for SOHO and not FreeNAS' primary target market apparently. Also as mentioned a firewall would be useful on some intranets and small business networks also I think.
Seems to me despite the SHODANS, and since FreeNAS does want to auto-update???? a Firewall TAB would not be ridiculous. Just my 2 cents. Most OSs ship with firewalls, and I think data safety could be improved. But again, that might be mission creep and OBVIOUSLY nobody should be advised to put the FreeNAS on the internet. This is just my impression as a casual user, I do not have Mr Greco's intimate knowledge of the product. So I think his main point stands.
P.S. Are there a lot of gotchas to running a firewall in a jail? Is it very complex or complicated?