 From:  "Soren Vanggaard Jensen" <svanggaard at hotmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  RE: [m0n0wall] The future
 Date:  Sat, 15 Oct 2005 06:02:08 +0000
Hi,

First of all, monowall is a great project. I was able to set up a /28 
network with VoIP traffic shaping, static routes, and ad hoc firewall rules 
in minutes. This is the reason that I would recommend monowall to anyone.

After some time, special requirements and needs started to be dropped on my 
desk. In some cases, monowall is not enough. For this reason, here are my 
humble requirements for a perfect firewall:

1) GUI as today. Most things are handled in seconds.
2) Better support for stateful inspection/passthrough of special protocols 
(e.g. IPSEC, ICA)
3) A better interface (than SNMP) for realtime monitoring and configuration. 
This interface (to the core) could be a set of webservices. This would 
enable heavyweight GUI components to be hosted on an external (LAN) host.
4) Configurable event mechanism.

ad 2)
I have a couple of Cisco VPN clients running on LAN workstations. It was a 
pretty big job to get those running.

ad 3)
Realtime monitoring per IP, port and traffic shaper rules/queues would make 
optimization so much easier.

ad 4)
I've spent hours with Ethereal, ntop and monowall trying to debug certain 
problems. If I were able to set up some eventing mechanism, it would have 
saved me a lot of time. Events could be sent for congestion, use of specific 
protocols, specific clients (MAC addresses) becoming active etc. Eventing 
could be based on e-mail notifications or using the previously mentioned 
webservices.


BR