Hi,

First of all, monowall is a great project. I was able to set up a /28 network with VoIP traffic shaping, static routes, and ad hoc firewall rules in minutes. This is the reason that I would recommend monowall to anyone.

After some time, special requirements and needs started to be dropped on my desk. In some cases, monowall is not enough. For this reason, here are my humble requirements for a perfect firewall:

1) GUI as today. Most things are handled in seconds.
2) Better support for stateful inspection/passthrough of special protocols (e.g. IPSEC, ICA)
3) A better interface (than SNMP) for realtime monitoring and configuration. This interface (to the core) could be a set of web services. This would enable heavyweight GUI components to be hosted on an external (LAN) host.
4) Configurable event mechanism.

ad 2) I have a couple of CISCO VPN clients running on LAN workstations. It was a pretty big job to get those running.

ad 3) Realtime monitoring per IP, port and traffic shaper rules/queues would make optimization so much easier.

ad 4) I've spent hours with Ethereal, ntop and monowall trying to debug certain problems. If I were able to set up some eventing mechanism, it would have saved me a lot of time. Events could be sent for congestion, use of specific protocols, specific clients (MAC addresses) becoming active etc. Eventing could be based on e-mail notifications or using the previously mentioned web services.

BR
Søren Vanggaard Jensen