>The other thing m0n0 would need (if I'm understanding the
>rulesets right) is having an outbound firewall rule for
>'WAN' instead of 'ANY' (ie - to allow isolation between
>different OPT interfaces). I would love to see this in the
>next beta as it would have other benefits as well.
You could try a rule that drops traffic to 192.168/16 and/or 10/8 for
your average multiple small-client installation, or replace the default
"--> ANY" rule with a "!192.168/16" assuming you assign each client
their own /16 (or whatever) and they're all from 192.168/8.
Agreed though, being able to enter a destination interface would be
great (WAN especially, but I could see it being useful to have LAN and
various OPT# interfaces available too)
Even without VLANs m0n0wall would be ideal for this installation if you
were deploying some low power PCs with 4-5 PCI quad-cards each you
could easily get 16-20 ports per router in PCs you picked up for free
(okay okay, probably not what you'd want to base an ISP off of, but
realistically, you could do a small installation reasonably reliably
simply by testing the hardware upfront and having abundant hardware
Assuming you were using 10Mb links to your various clients, you could
probably run 15+ clients on a single 100Mb port and a low-end P2
God must love stupid people; He made so many.