Re: [m0n0wall] Why should one not use Monowall for production systems on a VM Platform

From:	Lee Sharp <leesharp at hal dash pc dot org>
To:	m0n0wall at lists dot m0n0 dot ch
Subject:	Re: [m0n0wall] Why should one not use Monowall for production systems on a VM Platform
Date:	Tue, 09 Sep 2008 12:48:37 -0500

Jeff Rhys-Jones wrote:
> I have taken a good look at Monowall and think it's a great bit of 
> coding. Monowall has a very small OS footprint, and is therefore idea to 
> run in virtual environments.
> 
> Initially I was very excited about the VMWare version of Monowall, as I 
> can see a clear need for people to use Firewall VM appliances. It's a 
> hot topic right now.
> 
> However, on reading the manual - it could not be spelt out clearer, the 
> message is this: DO NOT USE IT FOR PRODUCTION!
> 
> What I would really like to know is - why?

Simple reasons.

1) It is less secure than a dedicated box.

2) It is very complex to set up correctly, and have networking actually 
work.

3)  It is a complex environment, and when (not if) something breaks, we 
don't want the blame.

Knowing that, if you want to go forward, go for it!  It is a warning, 
not a rule.

			Lee