|
||||||||
hi, at first, m0n0wall is a great tool! At the beginning I was looking for a solution for one of our firewalls, because I need pptp-support and sentry-firewall doesn't have it. Now I will migrate all our firewalls to m0n0wall. But if you setup a m0n0wall for a large network with different subnets only with the webgui you need a lot of time (I spent 2 days, for setting up our primary firewall!!!). I think it would be possible to write some thin scripts for adding NAT's and filter-rules direct to the config.xml and upload the new config.xml. For example I have 106 inbound-NAT's and the same WAN->DMZ-rules I need as LAN->DMZ-rules (LAN->DMZ is blocked per default here), so I used some "for" and "sed" to copy the rules - works fine. I think you schould always have a copy of the config.xml outside the firewall-box, because I don't trust discs. What do you think about "offline-config-tools" for m0n0wall? I think I will write some when migrating next firewalls. bye fisch -- fisch at conne dash island dot de http://kampagne.conne-island.de |