Some good feature requests would be to have IP ranges to use, i.e.:
192.168.10.x - 192.168.10.x. Also object/host groups would be handy... I
believe you can get this in PF or the latest version of IPF.
----- Original Message -----
From: "Lee Sharp" <leesharp at hal dash pc dot org>
To: <m0n0wall at lists dot m0n0 dot ch>
Sent: Sunday, May 21, 2006 12:59 PM
Subject: Re: [m0n0wall] Some feature requests
> From: "Shish" <shish at shish dot is dash a dash geek dot net>
>> I just started using m0n0wall yesterday, everything works just as well
>> as the custom debian firewall it took me a week to set up, with the
>> exception of a couple of things I can't see any way to do:
> This is common. What is unusual, is that you provided the information you
> needed for us to help you! I will do what I can to give you suggestions
> and work-arounds.
>> o) Automatic wake-on-lan messages
>> Because my server needs internet access for a couple of things in the
>> boot phase, the router / firewall needs to be completely online and
>> running before it starts, so setting both to wake-on-power doesn't
>> work. A setup which works great is having the router wake on power, and
>> once it's ready, sending wake-on-lan packets to all the other boxes. A
>> checkbox next to each of my WOL bookmarks for "send a packet here when
>> m0n0wall boots" would be most appreciated
> Look at the system/shellcmd at
> http://doc.m0n0.ch/handbook/faq-hiddenopts.html You may have to do some
> decoding to see how m0n0 sends WOL packets, but here is where to do it on
>> o) OpenVPN
>> It was there, and now it isn't? What was wrong with it? Is there any
>> way to get it back?
> It was in 1.2b4 to 1.2b7 when a lot of things were dropped for stability.
> This is something coming back. It should be in the mythical 1.3 release.
>> o) Firewall rule for connections / sec
>> Running a shell server for some friends, they want to make outgoing
>> connections; however I don't want to be part of a DDoS attack if an
>> account gets broken into. Currently I have rules like HTTP gets 60
>> connections / min with burst of 200, and IRC gets 1 connection / min
>> with burst of 10 (to allow just-started clients to connect to all
>> networks, and periodic reconnection when a connection dies for whatever
>> reason). It's worked well for normal use (the users don't notice it),
>> and under attack (only about 100 packets were sent before I noticed,
>> compared to the several thousand that would've been were it not for
>> the filtering)
> Play with the traffic shaper. You may be able to set up pipes that work
> similarly. The best part is an attacker would still seem to "succeed" but
> would be so slow you could catch him before he does damage.
>> o) Swap space
>> I still have a partition marked "Linux Swap" for the debian firewall --
>> can m0n0wall be made to use it? (It can be reformatted if necessary).
>> My firewall box has 32MB RAM, and is too old for upgrades (I don't
>> even know what type of RAM it uses, the sticks aren't a type I
>> recognise...). m0n0wall does work fine on 32MB, so long as I only open
>> one page at a time...
> Ain't gonna happen. The entire concept of m0n0wall is a tight, lean
> firewall that runs totally in memory. What you may want to look at is
> pfsense at http://www.pfsense.com/ It is a friendly fork of m0n0wall. It
> uses swap. It also is designed for more powerful hardware. It might be
> easier to find the ram on eBay.
>> o) "Move selected rules before this rule" for the traffic shaper
>> It's *so* much faster than "move rule up / down one position". I got so
>> fed up I ended up writing a small shell script to automate the upping
>> and downing for me :P
> You can always edit the config file directly. I do this often to "paste
> in" specific configs I use a lot.
>> o) Bootable floppies
>> Old hardware again -- the CD drive is a bit dodgy, and the box
>> sometimes gives up too soon and moves on to booting from the hard
>> drive. Putting GRUB / the BSD equivalent on the floppy and setting it
>> to boot the CD would be more reliable. I know it's not a m0n0wall thing
>> per-se, but a note in the docs about how to do it would be nice.
> Hmmm... Interesting. This would also help a lot of these finicky systems
> (like HP servers) that don't want to boot from a hard drive! It would have to
> be FAT so the config could be saved, and that is about it.
>> And finally, a tiny bug report -- when adding NAT rules, and ticking
>> the "Auto-add a firewall rule..." box, if there's an error in the user's
>> input, the box is un-ticked on the "please correct your errors" page.
> I hate that one. Another one is if you forward several inbound ports to
> one port, and check it each time from habit, you get several copies of
> the same rule. :-) Just a quirk.
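A token-bucket model of the per-rule connection limits described in the thread (HTTP at 60 connections/min with a burst of 200, IRC at 1/min with a burst of 10), as an added example that is not from the list or from m0n0wall's own code; the rule names, timestamps and attempt counts are constructed to show how a burst from a broken-into account is cut off while normal use passes.

```python
from dataclasses import dataclass, field
from typing import List, Tuple


@dataclass
class TokenBucket:
    """Limiter for one rule: `rate_per_min` new connections per minute, `burst` allowed up front."""
    rate_per_min: float
    burst: int
    tokens: float = field(init=False)
    last: float = field(init=False, default=0.0)

    def __post_init__(self) -> None:
        # A fresh rule starts with the full burst available.
        self.tokens = float(self.burst)

    def allow(self, now: float) -> bool:
        # Refill in proportion to elapsed seconds, never above the burst size.
        elapsed = max(0.0, now - self.last)
        self.tokens = min(float(self.burst), self.tokens + elapsed * self.rate_per_min / 60.0)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


# Constructed rule set mirroring the numbers quoted in the thread: (rate per minute, burst).
RULES = {
    "http": (60.0, 200),
    "irc": (1.0, 10),
}


def simulate(rule: str, attempts: List[float]) -> Tuple[int, int]:
    """Run connection attempts (timestamps in seconds) through a rule; return (allowed, dropped)."""
    rate, burst = RULES[rule]
    bucket = TokenBucket(rate_per_min=rate, burst=burst)
    allowed = dropped = 0
    for t in attempts:
        if bucket.allow(t):
            allowed += 1
        else:
            dropped += 1
    return allowed, dropped


if __name__ == "__main__":
    # Normal IRC use: a client joining five networks, then one reconnect ten minutes later.
    print("irc normal:", simulate("irc", [0.0] * 5 + [600.0]))
    # Compromised shell account blasting 5000 connections in one second: only the burst gets out.
    print("irc flood:", simulate("irc", [i / 5000 for i in range(5000)]))
```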