Have you ever noticed how cars get bigger every year? Back in 2001, I
had a BMW 3 series. Now the 1 series is out, and it is the size of my
old car. But bigger does not always mean better...
> Now that m0n0wall is at version 1.3, I looked back at where it started
> and when it came out. A lot has changed in six years. Embedded processors
> are more powerful now and 16Mb CF cards are practically non-existent. We
> all throw away the 32Mb cards that come with our cameras. The original WRAP
> and net4801 boards are discontinued, the ALIX boards are now the platform of
> choice, and earlier this year AMD announced that it stopped development of
> the Geode processor.
I have about 100 firewalls in production. Right now I am trying to
figure out how to tell remotely which ones have an 8 mb flash, and will
need a site visit. There is still a lot of legacy equipment out there.
> I think the original goals of m0n0wall were to make it as small as possible,
> run from RAM and work on embedded platforms. But the definition of "small"
> has changed. Upgrading the scope of m0n0wall to platforms with 128MB RAM
> and 32MB Flash would be a better target. I still think it should focus as a
> firewall which can be run entirely from RAM, as to not cross paths with
> pfSense, Untangle or other firewalls which need more muscle and read-write
> access to hard drives for caching, like squid. But that being said, there
> are a couple features which could be added without breaking that rule.
Also there is the reliability and power savings of sleeping the hard
drive all the time.
> For an entirely selfish reason, I'd like to see UPnP support added. I
> don't use m0n0wall today for this very reason. I'm forced to use pfSense
> with all its bugs and inability to upgrade easily over the network. Adding
> UPnP as a feature would allow me to return. OpenVPN and load-balancing
> might also be possibilities.
Many of us will argue that any device with UPnP is NOT a security
device. There are more than a few UPnP-aware viruses and malware. It
is like a gun in the hand of a child. And I HATE applications that
"need" it. Luckily, right now we don't have it, so I actually have to
do things in the firewall the right way. I am afraid that if it is
enabled, I will be forced to do things the wrong way by people who do
not understand the risk, just because I can.
OpenVPN and load balancing would be nice, however. :)