[ previous ] [ next ] [ threads ]
 From:  "fisch" <fisch at conne dash island dot de>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  m0n0wall configuration
 Date:  Sun, 25 Jan 2004 21:21:18 +0100 (CET)
at first, m0n0wall is a great tool!
At the beginning I was looking for a solution for one of our firewalls,
because I need pptp-support and sentry-firewall doesn't have it. Now I
will migrate all our firewalls to m0n0wall.
But if you setup a m0n0wall for a large network with different subnets
only with the webgui you need a lot of time (I spent 2 days, for setting
up our primary firewall!!!).
I think it would be possible to write some thin scripts for adding NAT's
and filter-rules direct to the config.xml and upload the new config.xml.
For example I have 106 inbound-NAT's and the same WAN->DMZ-rules I need as
LAN->DMZ-rules (LAN->DMZ is blocked per default here), so I used some
"for" and "sed" to copy the rules - works fine.
I think you schould always have a copy of the config.xml outside the
firewall-box, because I don't trust discs.
What do you think about "offline-config-tools" for m0n0wall? I think I
will write some when migrating next firewalls.
fisch at conne dash island dot de