I would be interested in the Snort and Squid patches. Are they available
anywhere right now? Along with, perhaps, instructions on their use?
I'd rather run snort right off my firewall than run something against
the filter log, for obvious reasons.
Please let me know!
> sylikc wrote:
>>> I'm replying this message cause I fully desagree with the
>>> that m0n0 whould not evolve with new and very usefull things just cause
>>> people use it inside soekris or wrap boards.
>>> I personally use it in most cases within wrap boards, but I
>>> have some
>>> cases where I run mono inside Dual Xeon 2.8 - 4 Gb RAM. Why we can not
>>> have this stuff in m0n0, but disabled? if you choose to run m0n0 inside
>>> a SBC board, no problem, just keep this features disabled, but if you
>>> have machine power why not?
>> Wow, I think you're one of the few that would run m0n0 on a Xeon, much
>> less a dual Xeon with 4G of RAM. Sheesh... How much RAM does your
>> modded m0n0 use in that environment? I can't get my base m0n0 to use
>> any more than 47MB ;)
> Easy, what is needed is a systcl configuration and a kernel rebuild,
> even to work with SMP. In this machines I also have 4 Gigabit interfaces
> and keep more than 200 VPNs simultaneously with a 10Mbit/s internet
> link, and behind this m0n0 I have more than 700 computers and 20 servers.
>>> the problem may be the U$3,00 plus to go from a 32MB CF to a
>>> 64MB? I
>>> don't think so. Or may have more RAM, but this is a real problem?
>>> I developed lots of stuff to m0n0 in the last 3 months, but I
>>> gave up
>>> to post here, cause the answer is allways the same: "Bullshit, m0n0
>>> isn't developed for this purpose". Among this things I have squid
>>> integration in 1.2b1, snort integration in 1.2b1, database support for
>>> logging purposes, an even the internationalization. All of them ( don't
>>> really think this ) too heavy for SBC boards, but not to the PC case.
>> I think m0n0's design goal started from gearing towards embedded, and
>> the main developers continue their work geared towards an embedded
>> platform. This has, for the most part kept the m0n0 distro small and
>> the core requirements as lean as possible.
>> We should get another list going, called the "m0n0 for full power PC"
>> list, where people share their mods in patching up m0n0 with the
>> latest squid or snort. There's always a few posts every here and
>> there about integrating some full powered package into m0n0. I can
>> see how the main distribution branch of m0n0 might not want to have
>> this complication as m0n0 serves it's purpose quite well in its
>> current minimalistic form. However, a new list where all the PC
>> developers coming together might just end up being a branch of
> I've already thought about this. I've also already started a SF project
> called m0n0Patches (not aproved yet, but in meanigs of being). But one
> thing I don't really want is to fork this effort into a new project. As
> you said M0n0 core team has developed a great package, and they are not
> open to new ideias, but this is not sufficient to undeserve their work.
> The other thing is that every single patch I wrote to m0n0 was
> discarded(ignored, not even commented), even those ones that had not the
> purpose of changing m0n0, but let it able to certify ICSA. I had the
> oportunity to pay to m0n0 to be ICSA Firewall certified, but with I had
> to say to my client to by a netscream firewall, cause m0n0 would never
> be ICSA certifiable.
> One thing that can really stop this problems is m0n0 having a WELL
> DEFINED API to integrate modules, like a new feture in menu to upload
> modules. I was figuring out about how to do this, and I can say that it
> is not easy, but it is possible (maybe having new filesystems mounted
> for each module). And with this API defined and people writing the
> modules, the users can chose what they use, all this without a fork in
> m0n0 project.
>> I, personally would be quite interested to see your patches for squid,
>> snort, and full database logging capabilities. (I'm sure others would
>> too, seeing as there were posts earlier about it). I've seen other
>> commercial solutions out there that aren't half as feature rich as
>> m0n0 but just happen to have extensive logging and proxy support where
>> I've had to recommend it to a client while I would have much rather
>> implemented a m0n0wall instead.
> this was what I tried to meant earlier. I really thing m0n0 is cool, but
> to be really usefull everywhere it needs some new features.
> I will release my patches in more one month. Cause I'm working heavelly
> on squid patch to have NTLM integration, and to have a good ACL edition
> system. The Internationalization patch is done, what I need are the
> translators(anyone?). The snort one is just a copy of one patch that was
> posted here aplied to m0n0 1.2b1. The security patch I have is just to
> close m0n0 to the ICSA labs certification.