I spent about 10 hours today working on m0n0wall... and you bet, I turned
quite a few things upside down! :)

Here's the one big change:
- completely reworked DMZ/WLAN interface support. The concept of DMZ/WLAN
is gone; every interface other than LAN and WAN (which retain their
special meaning for the time being) is now just referred to as an
"optional interface" (which may have a custom name assigned to it).
Wireless interfaces are no longer restricted to specific functions (i.e.
they may be used for LAN, WAN or optional interfaces). The number of
optional interfaces is essentially unlimited (you can assign as many of
them as you have via the console menu).

And yes, again - as a side effect, this change also means that you can now
use a wireless interface for WAN. That was by far the most popular

You can upgrade any version of m0n0wall to pb11; the configuration will be
automatically converted to reflect the new architecture (including
firewall/shaper rules) on the first boot. Filter and traffic shaper rules
that have interfaces or source/destination networks that don't exist
anymore (e.g. if you have DMZ rules but the DMZ interface is not set) will
be removed. Please don't forget to make a backup copy of your
configuration before you upgrade - just in case...

I think this change is very important to the future of m0n0wall; now that
the architecture has been cleaned up quite a bit (I'd still prefer to have
LAN and maybe even WAN lose their special status, but that would just
require too many changes at this point), I can focus on the smaller issues
(time, NAT on/off, etc.). Besides, show me one commercial firewall
manufacturer (except for CheckPoint) that offers that kind of flexibility
(and for free ;) ...

As always, please test thoroughly and let me know of any inconsistent

OK, that said, there's another thing that's been bugging me for some time.
I already posted to soekris-tech about this, but nobody seemed to have a
clue: a few buddies of mine have m0n0walls (on net4501s) that crash every
few days (anything between 2 and 6 days) - they don't respond to pings
anymore, and while the serial console still echoes characters, the menu is
gone, too. They have to be power-cycled to make them work again. I see
this on the newer of my net4501s (one with the serial double-character
bug), too, while it has never ever happened on an older box (that doesn't
have the serial bug, BTW). My buddies' m0n0walls are either from the same
order as my newer box or ordered shortly after it.

This happens in three different (physical) locations; the only common
thing is that all use PPPoE on WAN.

The interesting thing about this is that in exactly the same situation
(connected to the same cables and power supply and running the same
version and the same configuration), the newer net4501 crashes while the
older one doesn't.

I also noted that the newer one reports net45xx during POST while the
older one says net4501 (both at BIOS 1.15). I strongly suspect some
hardware change has occurred sometime after I ordered the first one.

I would love to hear from anybody who is experiencing the same issue, and
likewise, from people who use m0n0wall on a net45xx and have never
experienced this problem at all (i.e. uptimes > 7 days and especially with

Now go download that release and have fun! :)
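
The announcement says that filter and traffic shaper rules referencing an interface or source/destination network that is no longer set are removed on first boot, so it is worth listing those rules before upgrading. The following is an added example, not part of the original message or m0n0wall's own code; the XML layout, element names and the `rules_at_risk` function are assumptions constructed for illustration and do not reproduce the real config.xml schema.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample configuration. Element names are an assumed, simplified
# layout for illustration only, not the real m0n0wall config.xml schema.
SAMPLE_CONFIG = """<config>
  <interfaces><lan/><wan/><wlan/></interfaces>
  <filter>
    <rule id="1"><interface>lan</interface><source>lan</source><destination>any</destination></rule>
    <rule id="2"><interface>dmz</interface><source>dmz</source><destination>any</destination></rule>
    <rule id="3"><interface>wan</interface><source>any</source><destination>dmz</destination></rule>
    <rule id="4"><interface>wlan</interface><source>192.168.2.0/24</source><destination>lan</destination></rule>
  </filter>
  <shaper>
    <rule id="5"><interface>wan</interface><source>dmz</source><destination>any</destination></rule>
  </shaper>
</config>"""


def is_interface_ref(value):
    """True when value names an interface rather than 'any' or an address."""
    if value == "any":
        return False
    try:
        ipaddress.ip_network(value, strict=False)
        return False  # literal host or network, independent of interfaces
    except ValueError:
        return True


def rules_at_risk(config_xml):
    """List (section, rule id, missing refs) for rules that point at an
    interface or network that is not configured."""
    root = ET.fromstring(config_xml)
    configured = {el.tag for el in root.find("interfaces")}
    findings = []
    for section in ("filter", "shaper"):
        for rule in root.iterfind(f"{section}/rule"):
            refs = {"interface": rule.findtext("interface", "")}
            for field in ("source", "destination"):
                value = rule.findtext(field, "any")
                if is_interface_ref(value):
                    refs[field] = value
            missing = sorted(f"{k}={v}" for k, v in refs.items() if v not in configured)
            if missing:
                findings.append((section, rule.get("id"), missing))
    return findings


if __name__ == "__main__":
    for section, rule_id, missing in rules_at_risk(SAMPLE_CONFIG):
        print(f"{section} rule {rule_id} would be dropped: {', '.join(missing)}")
```

Reviewing this list against the backup copy after the upgrade shows which protections disappeared with the removed rules and need to be recreated on an optional interface.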