 From:  Lee Sharp <leesharp at hal dash pc dot org>
 To:  "m0n0wall at lists dot m0n0 dot ch" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Future plans after 1.3?
 Date:  Fri, 04 Dec 2009 09:07:50 -0600
Have you ever noticed how cars get bigger every year?  Back in 2001, I 
had a BMW 3 series.  Now the 1 series is out, and it is the size of my 
old car.  But bigger does not always mean better...

Robert wrote:
> Now that m0n0wall is at version 1.3, I looked back at where it started
> and when it came out.  A lot has changed in six years.  Embedded processors
> are more powerful now and 16Mb CF cards are practically non-existent.  We
> all throw away the 32Mb cards that come with our cameras.  The original WRAP
> and net4801 boards are discontinued, the ALIX boards are now the platform of
> choice, and earlier this year AMD announced that it stopped development of
> the Geode processor.

I have about 100 firewalls in production.  Right now I am trying to 
figure out how to tell remotely which ones have an 8 mb flash, and will 
need a site visit.  There is still a lot of legacy equipment out there.

> I think the original goals of m0n0wall were to make it as small as possible,
> run from RAM and work on embedded platforms.  But the definition of "small"
> has changed.  Upgrading the scope of m0n0wall to platforms with 128MB RAM
> and 32MB Flash would be a better target.  I still think it should focus as a
> firewall which can be run entirely from RAM, as to not cross paths with
> pfSense, Untangle or other firewalls which need more muscle and read-write
> access to hard drives for caching, like squid.  But that being said, there
> are a couple features which could be added without breaking that rule.

Also there is the reliability and power savings of sleeping the hard 
drive all the time.

> For an entirely selfish reason, I'd like to see UPnP support added.  I
> don't use m0n0wall today for this very reason.  I'm forced to use pfSense
> with all its bugs and inability to upgrade easily over the network.  Adding
> UPnP as a feature would allow me to return.  OpenVPN and load-balancing
> might also be possibilities.

Many of us will argue that any device with UPnP is NOT a security 
device.  There are more than a few UPnP-aware viruses and malware.  It 
is like a gun in the hand of a child.  And I HATE applications that 
"need" it.  Luckily, right now we don't have it, so I actually have to 
do things in the firewall the right way.  I am afraid that if it is 
enabled, I will be forced to do things the wrong way by people who do 
not understand the risk, just because I can.

OpenVPN and load balancing would be nice, however. :)