[ previous ] [ next ] [ threads ]
 
 From:  Roberto Pereyra <freebsd at gualeguaychu dot gov dot ar>
 To:  Manuel Kasper <mk at neon1 dot net>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Status report
 Date:  Fri, 31 Oct 2003 09:56:37 -0300 
Hi Manuel

Bridge filtering between LAN and WAN interface would be of great utility.

Thanks a lot

roberto





On Thu, Oct 30, 2003 at 10:20:02PM +0100, Manuel Kasper wrote:
> Just so you all know I'm not dead or completely immersed in my studies: 
> I have just succeeded in converting m0n0wall to FreeBSD 4.9. Sounds 
> easy, but due to the countless patches and tweaks required (not to 
> mention the various platforms that each need different kernels and 
> bootloaders), it isn't all that easy. :)
> 
> The next things I'll tackle are finally integrating Petr Verner's 
> more-advanced advanced outbound NAT [tm] ;) patch as well as Bruce A. 
> Mah's filtering bridge patches (did I make any further promises?). 
> Bruce has figured out the cause of the problem that made me use 
> ng_bridge instead of BRIDGE in the first place, so we're now ready to 
> throw out ng_bridge altogether. Since filtered bridging is quite an 
> advanced feature, there will probably be a knob on the advanced setup 
> page to enable it. Yes, Bruce, I reconsidered enabling it by default 
> and decided against it. :) The reason? I figured that many (if not 
> most) people would use bridging to create a wireless access point 
> bridged with LAN, and filtering there would harm performance (overhead 
> of filtering, tons of state table entries created even with a pass all 
> rule, etc.). Besides, such a knob (while not an especially beautiful 
> solution, I agree, but so what...) will preserve backward compatibility 
> with respect to config.xml. Complaints may be sent to /dev/null. ;)
> 
> Besides, an official m0n0wall image for a new platform will be 
> released: the Wireless Router Application Platform from PC Engines 
> (www.pcengines.ch)! This will be an alternative to Soekris-based 
> systems (especially the net4801, as the specifications are very 
> similar). I have successfully tested m0n0wall on two beta boards and 
> must say that I'm very satisfied with them - excellent stability, "just 
> works". Production boards are expected to ship in January. Now you can 
> finally have an all Swiss made (well, designed at least) firewall... ;)
> 
> Greets,
> 
> Manuel
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>