[ previous ] [ next ] [ threads ]
 
 From:  Manuel Kasper <mk at neon1 dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Statement regarding m0n0wall features
 Date:  Tue, 27 Jan 2004 18:38:04 +0100
Hey folks,

I feel the need to state once and for all what the intention with which 
I started m0n0wall was. My goal was to create a free/open-source 
alternative to smaller commercial firewall boxes - no more, no less. I 
figured that on a Soekris or similar embedded PC, it could be made to 
look and behave just like a commercial firewall - only cheaper and with 
me in control of the features. When I started working on it, I 
especially had the following models in mind:

- WatchGuard SOHO
- ZyXEL ZyWALL 10
- SonicWALL SOHO
- NetScreen 5XP

I didn't intend to create an enterprise-class firewall, and I didn't 
intend to make a file, mail, print, web or whatever server. And despite 
the fact that m0n0wall runs well (and in the majority of installations, 
according to the survey!) on normal PCs, it is targeted at embedded PCs, 
which means they dicate what is possible in terms of storage, CPU speed 
and RAM size.

I think m0n0wall mostly meets or even exceeds the feature range of the 
aforementioned products, so my goal has already been reached. That 
doesn't mean there's no room for or point in improvements. I just want 
to make it clear that I don't think we're ever going to see things like 
the following in m0n0wall:

- caching proxy
- file server (Samba etc.)
- mail server
- web server (Apache etc.)
- very extensive statistics

simply because it wasn't my goal to produce some all-in-one thing like 
e-smith, but a packet filtering firewall. Furthermore, these things 
usually don't mix well with embedded PCs for several reasons.

Why do we have a DHCP server then? Because all the commercial products I 
mentioned before do, because it's small and lightweight enough to fit in 
with the rest, and because it considerably increases ease-of-use 
(meaning that if your Internet connection uses DHCP too, like for 
example cable, you don't have to configure anything at all to let your 
clients access the Internet - that's why it's on by default too).

Now, about the NTP server... Rest assured that if msntp didn't have 
problems with Windows XP clients, there would have been a nice little 
NTP server configuration page in the webGUI, or at least a checkbox on 
the general setup page (with default to off of course), since pb15. But 
I don't like stuff that works only half of the time, so that's why it 
hasn't happened yet.

There you go... Hope I've explained my point of view now.

Regards,

Manuel