Maybe we should begin dialog about m0n0 branches. I like the purist idea of m0n0 as a firewall only but what if there were branches like m0n0IDS and m0n0Proxy and m0n0AP? I strip the captive portal stuff outta my vanilla firewalls..... Of course the burden would not be on Manuel to maintain these "ports". Thoughts??

Chet Harvey
Pitbull Technologies <http://www.pittech.com/>
Protecting your Digital Assets
703.407.7311

Quoting Ziekke <ziekke at ziekke dot net>:

> I would be interested in the Snort and Squid patches. Are they available
> anywhere right now? Along with, perhaps, instructions on their use?
>
> I'd rather run snort right off my firewall than run something against
> the filter log, for obvious reasons.
>
> Please let me know!
>
> > sylikc wrote:
> >
> >> Jean,
> >>
> >>> I'm replying this message cause I fully disagree with the statement
> >>> that m0n0 would not evolve with new and very useful things just
> >>> cause people use it inside soekris or wrap boards.
> >>> I personally use it in most cases within wrap boards, but I have
> >>> some cases where I run mono inside Dual Xeon 2.8 - 4 Gb RAM. Why we
> >>> can not have this stuff in m0n0, but disabled? if you choose to run
> >>> m0n0 inside a SBC board, no problem, just keep these features
> >>> disabled, but if you have machine power why not?
> >>
> >> Wow, I think you're one of the few that would run m0n0 on a Xeon, much
> >> less a dual Xeon with 4G of RAM. Sheesh... How much RAM does your
> >> modded m0n0 use in that environment? I can't get my base m0n0 to use
> >> any more than 47MB ;)
> >
> > Easy, what is needed is a sysctl configuration and a kernel rebuild,
> > even to work with SMP. In these machines I also have 4 Gigabit
> > interfaces and keep more than 200 VPNs simultaneously with a 10Mbit/s
> > internet link, and behind this m0n0 I have more than 700 computers and
> > 20 servers.
> >
> >>> the problem may be the U$3,00 plus to go from a 32MB CF to a 64MB? I
> >>> don't think so. Or may have more RAM, but this is a real problem?
> >>> I developed lots of stuff to m0n0 in the last 3 months, but I gave up
> >>> to post here, cause the answer is always the same: "Bullshit, m0n0
> >>> isn't developed for this purpose". Among this things I have squid
> >>> integration in 1.2b1, snort integration in 1.2b1, database support
> >>> for logging purposes, an even the internationalization. All of them
> >>> ( don't really think this ) too heavy for SBC boards, but not to the
> >>> PC case.
> >>
> >> I think m0n0's design goal started from gearing towards embedded, and
> >> the main developers continue their work geared towards an embedded
> >> platform. This has, for the most part kept the m0n0 distro small and
> >> the core requirements as lean as possible.
> >>
> >> We should get another list going, called the "m0n0 for full power PC"
> >> list, where people share their mods in patching up m0n0 with the
> >> latest squid or snort. There's always a few posts every here and
> >> there about integrating some full powered package into m0n0. I can
> >> see how the main distribution branch of m0n0 might not want to have
> >> this complication as m0n0 serves its purpose quite well in its
> >> current minimalistic form. However, a new list where all the PC
> >> developers coming together might just end up being a branch of
> >> m0n0wall.
> >
> > I've already thought about this. I've also already started a SF project
> > called m0n0Patches (not approved yet, but in meanings of being). But one
> > thing I don't really want is to fork this effort into a new project. As
> > you said M0n0 core team has developed a great package, and they are not
> > open to new ideas, but this is not sufficient to undeserve their work.
> >
> > The other thing is that every single patch I wrote to m0n0 was
> > discarded (ignored, not even commented), even those ones that had not
> > the purpose of changing m0n0, but let it able to certify ICSA. I had the
> > opportunity to pay to m0n0 to be ICSA Firewall certified, but with I had
> > to say to my client to buy a netscream firewall, cause m0n0 would never
> > be ICSA certifiable.
> >
> > One thing that can really stop this problems is m0n0 having a WELL
> > DEFINED API to integrate modules, like a new feature in menu to upload
> > modules. I was figuring out about how to do this, and I can say that it
> > is not easy, but it is possible (maybe having new filesystems mounted
> > for each module). And with this API defined and people writing the
> > modules, the users can choose what they use, all this without a fork in
> > m0n0 project.
> >
> >> I, personally would be quite interested to see your patches for squid,
> >> snort, and full database logging capabilities. (I'm sure others would
> >> too, seeing as there were posts earlier about it). I've seen other
> >> commercial solutions out there that aren't half as feature rich as
> >> m0n0 but just happen to have extensive logging and proxy support where
> >> I've had to recommend it to a client while I would have much rather
> >> implemented a m0n0wall instead.
> >
> > this was what I tried to mean earlier. I really think m0n0 is cool, but
> > to be really useful everywhere it needs some new features.
> >
> > I will release my patches in more one month. Cause I'm working heavily
> > on squid patch to have NTLM integration, and to have a good ACL edition
> > system. The Internationalization patch is done, what I need are the
> > translators (anyone?). The snort one is just a copy of one patch that
> > was posted here applied to m0n0 1.2b1. The security patch I have is just
> > to close m0n0 to the ICSA labs certification.
> >
> > Jean
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch