M0n0wall Fork SmallWall Has First Official Release
New submitter houstonbofh writes: When the m0n0wall project ended back in February, many people just did not want to lose their small and lean firewall. And now, one of the forks, SmallWall, has released its first non-beta release. It has some small improvements to the GUI, and now has added L2TP support. The announcement with the changes can be found here. Also, a partnership with MIXTPC was announced, allowing firewalls with SmallWall preloaded to be purchased. Their web store is here.
This is not ready for prime-time (Score:3)
User Handbook (single page) - Comming Soon!
Alright then, so there's no updated docs. I'll just click the handy link to The m0n0wall Documentation Project - Chris Buechler [smallwall.org]. Oh wait, it's a 404. Nice going guys.
Re: This is not ready for prime-time (Score:2)
Re: This is not ready for prime-time (Score:4, Informative)
The page actually exists. The link on the documentation page is incorrect. They used a relative link to something that should have been an absolute link.
href="m0n0wall-docs.smallwall.org"
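A documentation lint for the kind of link described in the comment above, added here as an example and not part of the original thread or the SmallWall site's code. The base URL and the sample HTML are constructed; only the `href` value comes from the comment.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Endings that make "name.ext" an ordinary relative file rather than a host name.
FILE_EXTS = {"html", "htm", "php", "pdf", "txt", "css", "js", "png", "jpg", "gif", "xml"}
HOST_RE = re.compile(r"^(?:[a-z0-9-]+\.)+([a-z]{2,})$", re.I)

BASE_URL = "http://www.smallwall.org/docs.html"      # constructed page location
SAMPLE_HTML = """
<a href="handbook.html">Handbook</a>
<a href="m0n0wall-docs.smallwall.org">The m0n0wall Documentation Project</a>
<a href="http://m0n0wall-docs.smallwall.org/">Same target, absolute</a>
<a href="#top">Top</a>
"""                                                   # constructed sample markup

class HrefCollector(HTMLParser):
    """Collect the href value of every <a> tag."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)

def suspicious_links(html, base_url):
    """Return (href, resolved URL) for scheme-less hrefs that look like host names."""
    parser = HrefCollector()
    parser.feed(html)
    found = []
    for href in parser.hrefs:
        parts = urlsplit(href)
        if parts.scheme or parts.netloc:              # absolute or protocol-relative
            continue
        first = parts.path.split("/", 1)[0]
        match = HOST_RE.match(first)
        if match and match.group(1).lower() not in FILE_EXTS:
            # A browser treats this as a path under the current page's directory.
            found.append((href, urljoin(base_url, href)))
    return found

if __name__ == "__main__":
    for href, resolved in suspicious_links(SAMPLE_HTML, BASE_URL):
        print(f"{href!r} resolves to {resolved}")
```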
Re: (Score:2)
Also, bug in summary (Score:3)
Company is MITXPC, not MIXTPC. One seemingly refers to a small form factor PC and the other to a mix of toilet paper and crap.
Re: (Score:1)
so lean, many small (Score:3)
small and lean firewall
improvements to the GUI
Uh-huh.
Re: (Score:2)
I hope you don't mean on the client end, because that would make a ridiculous claim.
Or on the server end, because that, well, would make a ridiculous claim.
I'm not against offering a browser-or-whatever-based GUI, I just find it a stretch to call that a "small and lean" firewall.
Re: (Score:2)
Re: (Score:2)
You'd normally just wait for a router advertisement (ICMPv6) message arriving for the "all link-local nodes" multicast address (ff02::1).
If you don't feel like waiting for one, send a router solicitation to the "all link-local routers" multicast address (ff02::2), the router(s) will respond with router advertisements (possibly via unicast in this case, not sure).
The router advertisement contains the (64 bit) interface identifier; the router is then reachable on the link-local unicast address fe80::.
In unix,
Re: (Score:2)
[...] on link-local unicast address fe80::<interface identifier>.
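The router-discovery exchange discussed above, as an added example that is not part of the original comments: it parses a constructed router advertisement sent to ff02::1 and applies the RFC 4861 on-link checks a host uses to reject advertisements that were forwarded from off-link. The packet bytes, the fe80::1 router address and the 2001:db8:1::/64 prefix are constructed; the router's link-local address is read here from the packet's IPv6 source address.

```python
import ipaddress
import struct

def build_sample_ra():
    """Constructed packet: RA from fe80::1 to ff02::1 carrying one prefix option."""
    src = ipaddress.IPv6Address("fe80::1").packed        # constructed router address
    dst = ipaddress.IPv6Address("ff02::1").packed        # all-nodes multicast
    # Prefix Information option: type 3, length 4 (x8 bytes), /64, flags L+A,
    # valid and preferred lifetimes, 4 reserved bytes, then the prefix itself.
    opt = struct.pack("!BBBBII4x16s", 3, 4, 64, 0xC0, 86400, 14400,
                      ipaddress.IPv6Address("2001:db8:1::").packed)
    # RA header: type 134, code 0, checksum left 0 (not verified in this example),
    # cur hop limit 64, flags 0, router lifetime 1800 s, reachable 0, retrans 0.
    icmp = struct.pack("!BBHBBHII", 134, 0, 0, 64, 0, 1800, 0, 0) + opt
    return struct.pack("!IHBB", 6 << 28, len(icmp), 58, 255) + src + dst + icmp

def parse_ra(packet):
    """Return the router address, lifetime and prefixes from an IPv6 RA packet."""
    if len(packet) < 56:
        raise ValueError("too short for IPv6 + RA header")
    vtf, payload_len, next_hdr, hop_limit = struct.unpack("!IHBB", packet[:8])
    src = ipaddress.IPv6Address(packet[8:24])
    icmp = packet[40:40 + payload_len]
    if vtf >> 28 != 6 or next_hdr != 58 or len(icmp) < 16 or icmp[0] != 134:
        raise ValueError("not an ICMPv6 router advertisement")
    # RFC 4861 validation: a link-local source and hop limit 255 show the
    # sender is on the same link, since any forwarding router decrements it.
    if not src.is_link_local or hop_limit != 255:
        raise ValueError("RA fails on-link validation")
    lifetime = struct.unpack("!H", icmp[6:8])[0]
    prefixes, off = [], 16
    while off + 2 <= len(icmp):
        opt_type, opt_len = icmp[off], icmp[off + 1] * 8
        if opt_len == 0 or off + opt_len > len(icmp):
            raise ValueError("malformed option")
        if opt_type == 3 and opt_len == 32:              # Prefix Information
            net = ipaddress.IPv6Address(icmp[off + 16:off + 32])
            prefixes.append(f"{net}/{icmp[off + 2]}")
        off += opt_len
    return {"router": str(src), "lifetime": lifetime, "prefixes": prefixes}

if __name__ == "__main__":
    print(parse_ra(build_sample_ra()))
```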
m0n0wall, m0n0wall, pudding and pie. (Score:2)
Re: (Score:2)
Because someone has already done the hard work for you.
Time to do what you want to do = 2-4 hours or more.
Time to dump an image to a CF card and boot it - 2 minutes.
Plus, if it's based on m0n0, it'll run out of the box on embedded systems like Alix and Soekris boxes, which are amazingly reliable embedded x86 systems with no moving parts. I've got Alix-based m0n0 firewalls out there that haven't been rebooted in years and they just keep going. It's also designed to run from flash media, so writes (for logs e
Re: (Score:1)
> why do I need this?
If you don't need such a thing, then please tell me how to make a Linux box with two network interfaces, one connected to a cable modem, and another to a switch that serves the rest of the household LAN, accept an IPv6 routing prefix from the cable modem and pass it along to the rest of the household LAN, and route packets to/from that LAN, and do all of the other shit people just expect to work, e.g. a DNS server which allows any computer on the LAN to look up the address of any oth
Re: (Score:2)
Hey, you forgot to write your own web-based interface so that even a complete nufty can edit firewall rules nat port mappings etc ;-)
Re: (Score:2)
I actually had missed the news that the M0n0wall project was over. But even if it is, one of its derivatives is pfSense. What is pfSense missing that makes people want to fork M0n0wall?
On the stuff you describe, from what I have followed, the support of both M0n0wall and pfSense for IPv6 has been rather behind, compared even to Linux, and definitely way behind that of FreeBSD. It would seem to me that if someone wants to do a full-fledged implementation of an IPv6 firewall/router OS, a good starting p
Re: (Score:2)
> I actually had missed the news that the M0n0wall project was over. But even if it is, one of its derivatives is pfSense. What is pfSense missing that makes people want to fork M0n0wall?
It is not what it is missing, but what it has... m0n0wall was (and SmallWall is) smaller, and leaner. Less services means less attack vectors. It is also easier to configure correctly for novices. But the big thing is that some people are fundamentally against "kitchen sink" appliances where everything is on one box. Sometimes, separation of jobs is a very good thing.
I am not saying pfSense is bad. It is a good system, and Chris is a good guy. But I prefer solutions where the components do one thing,
Comment removed (Score:3, Interesting)
OPNsense (Score:2)
The newest offspring, OPNsense (https://opnsense.org), aims to continue the open source spirit of m0n0wall while updating the technology to be ready for the future. In my view, it is the perfect way to bring the m0n0wall idea into 2015, and I encourage all current m0n0wall users to check out OPNsense and contribute if they can.
Manuel Kasper
His idea to have a web-based GUI to control all aspects of the firewall has become the standard for many open source and commercial solutions.
The single XML file to store its entire configuration is another example of the miracles Manuel brought to life.
So is SmallWall in any way related to OPNsense?
Re:OPNsense (Score:4)
Hello,
as announced earlier, the m0n0wall mailing list and forum are now frozen. This is the final message, and I would like to take the opportunity to thank all those who have sent me emails with kind words and expressions of gratitude. They were too numerous for me to reply to individually, but they were all very much appreciated!
There have been some questions on what the way forward is for current m0n0wall users. If you are happy with the current feature set of m0n0wall and just need a security patch, bug fix, hardware compatibility update or minor improvement now and then, there are two nascent projects started by former m0n0wall developers/users that may have something for you: SmallWall and t1n1wall.
For a more feature-rich alternative that is still based on FreeBSD and has the same roots, both pfSense and OPNsense (which is a fork of the former) are excellent choices. They have higher hardware requirements than m0n0wall, but on the other hand, a lot of new embedded hardware has recently become available, with 2 GB or more of memory and 1 GHz or faster CPUs, at a similar price as earlier platforms. It makes sense (pun intended) to use these additional resources - something that m0n0wall hasn't been particularly good at in recent times. Just keep that in mind for your next hardware upgrade.
Farewell, fellow m0n0wall enthusiasts.
- Manuel
28 February 2015
Both SmallWall and t1n1wall.com are lean, and purpose built firewalls that do only one thing. They are not kitchen sink applications. They are meant to plug into web filters, not to be web filters.
pfSense, and OPNsense are extensible firewalls with a plug in architecture. While expandable, they are more complex and heavier weight. A good example is to compare traffic shaping between them... M0n0wall, SmallWall and t1n1wall will win that contest hands down!
Re: (Score:2)
One thing to compare is the hardware requirements for running OPNsense versus m0n0wall or SmallWall. OPNsense requires essentially a fairly modern computer, whereas I run m0n0wall currently on a 15+ year old 600Mhz P3 (which spends about 90% of its time twiddling its thumbs). I'm guessing that almost no one who was running m0n0wall is able to install OPNsense on the same hardware, as the requirements for OPNsense would be extreme overkill for m0n0wall.
That does bring up an interesting question about the M
Re: (Score:2)
> One thing to compare is the hardware requirements for running OPNsense versus m0n0wall or SmallWall. OPNsense requires essentially a fairly modern computer, whereas I run m0n0wall currently on a 15+ year old 600Mhz P3 (which spends about 90% of its time twiddling its thumbs). I'm guessing that almost no one who was running m0n0wall is able to install OPNsense on the same hardware, as the requirements for OPNsense would be extreme overkill for m0n0wall.
> That does bring up an interesting question about the MIXTPC boxes. My understanding is that m0n0wall will only use one core in a multi-core system, a few tens of MB of disk space, only and certainly won't use more than 128MB of ram. The MIXTPC boxes will still work, but even the cheapest one at $250 is way more than you'll need.
You are correct in that any modern box is overkill. But there is really no new hardware that is any cheaper... And SmallWall can use more than 128 meg of ram, as some tables live in ram and can grow large in heavy use environments. But I have seen very few boxes use more than 512 meg.
As to multi-core, that is on the roadmap. It will be easier to support when the base is moved to FreeBSD 10.1 in the future.
OPNSense not really M0n0Wall successor (Score:2)
OPNSense is more of a fork of pfSense and competes with that project. In fact, OPNSense was pretty much born of the fact that the pfSense developers made their development tools proprietary-licensed and pissed off some 3rd party developers as well as scaring a larger group of people that the whole project might become closed-source. SmallWall keeps the tiny aspect of M0n0Wall as a firewall and little else while *Sense are network security appliances, Asterisk servers, and pretty much anything else you wan
Re: (Score:2)
None of these are as small as *WRT distros and they still to this day only run on x86 and x64, but you get OpenBSD's packet filter (claimed by most to be superior to Linux's) bolted onto FreeBSD (for better hardware support?) and a BSD license if that matters to you.
Also, good luck getting a *wrt to give gigabit sustained transfers. :) SmallWall and m0n0wall on modern hardware can give 900meg sustained transfers all day, and can do some hefty encryption on the side if needed for IPSEC.
As to the projects that owe allegiance to m0n0wall, and the people that learned there... This is a quick peek at some of those people... http://www.smallwall.org/histo... [smallwall.org]