[KLUG Members] m0n0wall firewall

Adam Williams members@kalamazoolinux.org
Sun, 08 Feb 2004 13:26:31 -0500


> I *assume* everyone on the planet (except me) has heard of this
> firewall: http://m0n0.ch/wall/

Nope, not me anyway.  But I've been accused of living under a rock.

> "m0n0wall is a project aimed at creating a complete, embedded
> firewall software package that, when used together with an embedded
> PC, provides all the important features of commercial firewall
> boxes (including ease of use) at a fraction of the price (free
> software).

Another one!  <RANT>Sheeeesh, if all these people took their free time
and contributed to something that hadn't been done 100,000 times
before.... (and 99.44% of them fail anyway - at least on the ease-of-use
end; or they've just never used a real commercial firewall and have no
idea what it means to have BOTH features and ease-of-use).</RANT>

> m0n0wall is based on a bare-bones version of FreeBSD, along with a
> web server (thttpd), PHP and a few other utilities. The entire
> system configuration is stored in one single XML text file to keep
> things transparent.
> m0n0wall is probably the first UNIX system that has its boot-time
> configuration done with PHP, rather than the usual shell scripts,
> and that has the entire system configuration stored in XML
> format."

Well; at least the XML configuration file is a good idea.

Actually, at a glance, this looks like it might actually not suck.  I'd
be very interested if the IPsec implementation really "just-works"; that
would be a stunning first.

I'm puzzled by their claim that their PPTP daemon supports OpenRADIUS
since OpenRADIUS doesn't support M$-CHAPv2 - without which the 128-bit
encryption isn't stateless (AFAIK) - and is really a total joke.  That
in itself might merit a download to check out.