m0n0wall 1.3b16 released

It’s been exactly 6 months since the last release (1.3b15), but m0n0wall is not dead: beta 1.3b16 is now available.

The developers have been busy with a kernel security bugfix (arc4random), support for Broadcom BCM5722 NICs, and IPv6 (DHCPv6, IPv6 webGUI access).

Detailed change log and downloads can be found at m0n0.ch/wall/beta.php

Regarding future development, 1.3 is planned for release soon, but the developers are looking for help with the following. If you can help out, just contact them:

  • replacing the legacy BRIDGE with if_bridge
  • improving captive portal reliability and performance (e.g. by introducing SQLite to replace the various flat text files and corresponding lockfiles)
  • adding support for address/network groups in firewall rules (via ipfilter’s ippool feature)

5 Best Linux/BSD Firewall tools

Matt Hartley has written an article on Intranet Journal about (in his opinion) the 5 best Linux/BSD Firewall tools:

  1. IPCop
  2. pfSense
  3. M0n0wall
  4. SmoothWall
  5. Linux LiveCD Router

Over the course of recent years, some people have found the quality of most out-of-the-store firewall appliances either lacking functionality or worse, set at a price that has made them generally out of reach.

Because of this issue, I thought it would be beneficial to write an article to better highlight what works and what does not with regard to turning an older PC into a standalone router/firewall appliance.

He writes the following about m0n0wall and pfSense (both BSD firewalls):

M0n0wall

Regardless of a fantastic effort by IPCop, there is just something to be said about rocking solid BSD solutions. The first that comes to mind is that from m0n0wall. It’s small, 12 MBs small! That is the single biggest distinguishing thing to note about m0n0wall. Its size and portability, that is. Designed to be a replacement for those expensive firewall appliances used today, m0n0wall works on embedded machines, in addition to being quite useful on older x86 PCs as well.

Definitely a little more advanced from a usability standpoint than other solutions out there, but do not let this fool you, because m0n0wall is VERY powerful in all of its BSD goodness. This being said, it should be noted that even though m0n0wall is workable on an older PC, it shines best on embedded systems being used by more advanced administrators. Therefore, this is not a really good solution for new Windows converts looking to convert their old PC into something cool.

pfSense

From what I have been told, the pfSense project was started by the same people as m0n0wall. Those looking to revamp an older PC might be better off going with pfSense. Plenty of features to speak of. Most notable among them include:

  • Redundancy — By creating a failover group, the network will remain secure even in the event of interfaces that go offline for some reason.
  • Load Balancing — Provides both inbound and outbound balancing between WAN connections or multiple servers, depending on which way the traffic happens to be going.
  • Captive Portal — Force the user to authenticate or simply find themselves redirected to wherever you wish.

Source (IntranetJournal – 16/12/2008)

m0n0wall: big friendly firewall power in a tiny package

m0n0wall is a specialized implementation of FreeBSD designed for routers and firewalls. It weighs in at well under 10 megabytes, but you still get a complete operating system, firewall, Web administration, traffic shaping, DNS server, DHCP server, SNMP, support for DynDNS updates and a whole lot more. m0n0wall offers a nice pointy-clicky interface for setting up a stout ipfilter firewall. For ultimate power, however, you really want to know how to write rules from scratch.

ipfilter rule syntax is not like iptables rules, …

release: m0n0wall 1.234

Manuel Kasper has announced the release of m0n0wall 1.234, a minimalist firewall distribution based on FreeBSD.

I’ve decided to create one more release in the 1.2x stable branch to add source port randomization (for both NAT and the DNS forwarder). This is a recommended upgrade for all 1.2x users, no matter whether you’re running a DNS server behind m0n0wall with NAT or not.


m0n0wall beta 12 and FreeBSD 7.0 based pfSense

The m0n0wall and the pfSense projects have released a beta and 2 alpha versions respectively.

m0n0wall 1.3 beta 12 is out, containing a new feature: IPv6 support (routing and firewalling). The change log and the download link can be found on the beta page.

pfSense has a 1.2.1 alpha snapshot available for testing. This version contains a few bug fixes and the base OS has changed to FreeBSD 7.0. There’s also a 1.3 alpha snapshot available for testing. This version brings significant changes from 1.2 and brings all the great new features that have been added to pfSense over the past 8 months.

For the pfSense download links, upgrade instructions and more information visit the pfSense blog.

Embedded Monowall: Installation (video tutorial)

This tutorial will guide you through copying the m0n0wall image to a compact flash card and the initial configuration of the m0n0wall on the ALIX embedded board. I will be using a VPN accelerator card since I will have about 10 IPsec tunnels actively running at one time. I would only recommend using the VPN accelerator card if you plan on maintaining several VPN tunnels at one time, otherwise it is overkill.

Read the step-by-step howto & watch the video here

BSD releases – week 9

Week 9 has been an interesting one for FreeBSD and FBSD based operating systems: FreeBSD 7.0 and pfSense 1.2 were released and there were some minor releases: FreeNAS 0.686.2 and m0n0wall 1.3b10.

FreeNAS 0.686.2

Major changes:

  • Add ability to set a CIFS/SMB share read only.

Minor changes:

  • Add m4a/m4p support in MediaTomb configuration file.
  • Add /usr/bin/bc – An arbitrary precision calculator language

Bug fixes:

  • GID was not displayed correctly on ‘Access/Groups’ WebGUI page.
  • Use inadyn-mt 02.01.13 because all newer versions cause a core dump.

Permanent restrictions:

  • It is not possible to format a SoftRAID disk with MSDOS FAT16/32.
  • It is not possible to encrypt a disk partition, only complete disks are supported.

The latest version can be downloaded here.

On an additional note, the FreeNAS team have started porting FreeNAS to FreeBSD 7.0. This means some big changes:

  • ZFS (Sun Zettabyte File System) will be included
  • The Web Interface will undergo a full review, especially the disk management/mount point process for permitting real share configuration (with permission and quotas support).

I’ve been using FreeNAS for a month now and I’m excited about the upcoming FBSD 7.0 based version. Keep up the good work!

m0n0wall 1.3b10

m0n0wall beta version 1.3b10 is ready; no new features have been added, but the base has moved to FreeBSD 6.3 and a few issues have been fixed; most notably:

  • PPPoE/PPTP client auto-reconnect
  • DHCP client (should hopefully not lose its lease anymore)
  • IPsec NAT-T fragments
  • intermediate SSL CA certificates now accepted

For the change log and the download links, see http://m0n0.ch/wall/beta.php

7 Linux/BSD firewalls reviewed (incl pfSense & m0n0wall)

Wayne Richardson reviewed a total of 7 different Linux and BSD firewalls back in Nov 2007 (ClarkConnect, Endian, Gibraltar, IPCop, m0n0wall, pfSense, SmoothWall) and compared them on the basis of the following categories: setup, web-gui, extensibility and speed.

Since this is a FreeBSD blog I’ll just quote (with his kind permission) what he wrote about pfSense and m0n0wall. If you’re interested in the whole article and want to see how the BSD firewalls compare to Linux firewalls, please refer to Wayne’s article.

pfSense was named the best firewall with a 95% pass rate; m0n0wall received a 77% mark and was the smallest of the bunch.