First of all, m0n0wall is a great tool!
At the beginning I was looking for a solution for one of our firewalls,
because I need pptp-support and sentry-firewall doesn't have it. Now I
will migrate all our firewalls to m0n0wall.
But if you set up a m0n0wall for a large network with different subnets
using only the webgui, you need a lot of time (I spent 2 days setting
up our primary firewall!!!).
I think it would be possible to write some thin scripts for adding NATs
and filter rules directly to the config.xml and uploading the new config.xml.
For example, I have 106 inbound NATs, and I need the same WAN->DMZ rules as
LAN->DMZ rules (LAN->DMZ is blocked by default here), so I used some
"for" and "sed" to copy the rules - works fine.
I think you should always have a copy of the config.xml outside the
firewall-box, because I don't trust discs.
What do you think about "offline-config-tools" for m0n0wall? I think I
will write some when migrating the next firewalls.
fisch at conne dash island dot de
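
Added example, not part of the original post and not m0n0wall project code: one way to do the WAN->DMZ to LAN->DMZ rule copy offline with an XML parser instead of "sed", so that only pass rules aimed at the DMZ are mirrored and a second run adds nothing. The element layout in the sample, the DMZ subnet 192.0.2.0/24, and the names `rule_key` and `mirror_rules` are assumptions made for illustration.

```python
import copy
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample. Element names are an assumed, simplified layout;
# compare with a config.xml downloaded from your own box before use.
SAMPLE = """<m0n0wall><filter>
<rule><type>pass</type><interface>wan</interface><protocol>tcp</protocol>
  <source><any/></source>
  <destination><address>192.0.2.10</address><port>80</port></destination>
  <descr>web server</descr></rule>
<rule><type>pass</type><interface>wan</interface><protocol>tcp</protocol>
  <source><any/></source>
  <destination><address>10.0.0.5</address><port>22</port></destination>
  <descr>not in DMZ</descr></rule>
<rule><type>block</type><interface>wan</interface>
  <source><any/></source>
  <destination><address>192.0.2.11</address></destination></rule>
</filter></m0n0wall>"""

def rule_key(rule, interface):
    """Rule identity for duplicate detection; descr is ignored."""
    body = tuple((e.tag, (e.text or "").strip()) for e in rule.iter()
                 if e.tag not in ("interface", "descr"))
    return (interface, body)

def mirror_rules(xml_text, dmz_net, src_if="wan", dst_if="lan"):
    """Copy pass rules on src_if that target dmz_net onto dst_if."""
    root = ET.fromstring(xml_text)
    flt = root.find("filter")
    dmz = ipaddress.ip_network(dmz_net)
    seen = {rule_key(r, r.findtext("interface")) for r in flt.findall("rule")}
    added = 0
    for rule in flt.findall("rule"):
        if (rule.findtext("interface"), rule.findtext("type")) != (src_if, "pass"):
            continue
        try:
            addr = ipaddress.ip_address(rule.findtext("destination/address") or "")
        except ValueError:
            continue  # alias or network name: leave for manual review
        if addr not in dmz or rule_key(rule, dst_if) in seen:
            continue
        clone = copy.deepcopy(rule)
        clone.find("interface").text = dst_if
        flt.append(clone)
        seen.add(rule_key(clone, dst_if))
        added += 1
    return ET.tostring(root, encoding="unicode"), added
```

Diff the returned XML against the saved copy of config.xml before uploading, since every mirrored rule opens a new path from the LAN into the DMZ.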