|
||||||||||
If memory serves me right, "Federico Krum" wrote: > I have wrote an email to the list before asking for the configuration to = > use monowall as a firewall using public IPs on the DMZ insted of nating. > I have read Bruce Mah site for the patches... but found the = > disadvantage that the implementation is not fully integrated with the = > web interface, have to patch the distro each time that new things come = > out and Im not always sure that the patches can be applyed over new = > versions. I agree this is suboptimal but there's basically nothing else I can do unless Manuel wants to pull in some part of my patches. I haven't looked at pb16 yet, BTW. (I don't understand your "not fully integrated with the web interface" comment.) > So , probably, the next question is for Manuel; > > Considering that there is no gnu or free firewall as nice as m0n0 out = > there with the capability of using public IPs over the dmz..... > ...Would be very dificult or time consuming to make this feature be = > built in m0n0wall? I personally don't think it'd be that difficult. Manuel has indicated (and I concur) that the use of bridge(4) bridging doesn't work very well for a majority of users. So any solution would have to allow for the original ng_bridge(4) plus what was in my patch...maybe by letting the user decide which type of bridging they want. Of the three patch files on my Web page: filter.inc.diff should have no effect on the original bridging behavior, because firewall rules don't affect ng_bridge(4) bridging. It can probably be applied regardless. The bridge configuration patch in interfaces.inc.diff can perhaps be made conditional (i.e. add a checkbox somewhere in the Web interface to select which type of bridging, if any, to use). rc.diff can, I think, be applied without any ill effect...it's a no-op for the ng_bridge(4) users. If you (plural) want to see this, try to get Manuel to adopt the above approach. Better yet, someone give him some patches that actually implement what I described above. :-) Bruce. |