Hello John,

VLANs on monowall work like any other 802.1Q device. The bit that foxed me was the "assign" link, right hand side of the interfaces title. Quite obscure I think.

You can definitely add custom services, though they do seem to be confined to per rule, not as a group that you can re-use.

I have been working with Checkpoint on NT/Nokia platforms for the last few years and have just recently had to learn fw the Netscreen way. The zones, trusted / untrusted, take getting used to and the way NATing and antispoofing is handled really gets my head in a spin. Ever tried source and destination NATing on the Netscreens? Too many MIPS, VIPS, SIPS etc. The virtual routers concept is well cool though.

Anyhow, since we are here to talk about monowall, so far I've used it for about 1 month and I think it is great, better than any of the linux based fw distros out there.

Things I'd like to see are:

1) groups for hosts and services
2) support for more gigabit NICs
3) more diag tools like tcpdump or flowfilter a la netscreen
4) ssh cli access (although this might go against monowall's concept)
5) multiple virtual routers like netscreen

Regards
firestorm