[ previous ] [ next ] [ threads ]
 From:  Sven Brill <madde at gmx dot net>
 To:  "Adriel T. Desuatels" <adriel at netragard dot com>
 Cc:  m0n0wall List <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] m0n0snort
 Date:  Wed, 14 Feb 2007 14:26:34 -0500
Adriel T. Desuatels wrote:
> Greetings list, 
>     Is there any intention of creating a monowall + snort image? I realize
> that the image would need to run on a PC instead of the soekris like systems
> because of memory/cpu requirements, but does one even exist?
I doubt that will ever happen, as that is not what m0n0wall was designed 
for. Periodically, there are questions on the list to add functionality 
to m0n0wall that don't have much to do with its core purpose - 
firewalling. Most of these requests are either for squid proxy or other 
such things, but I guess the answer is the same for snort - m0n0 is a 
firewall for embedded systems, and does the job well. If it gets bloated 
with all these things, it probably won't do any of the jobs so well anymore.

And honestly, don't put all your eggs in one basket - let the firewall 
do the firewalling, and let one or more snort sensor(s) sniff the 
wire(s) and a central box do the reporting. Why would you want it in the 
same box?