Josh wrote:
>The other thing m0n0 would need (if I'm understanding the
>rulesets right) is having an outbound firewall rule for
>'WAN' instead of 'ANY' (i.e. - to allow isolation between
>different OPT interfaces). I would love to see this in the
>next beta as it would have other benefits as well.
>
>
You could try a rule that drops traffic to 192.168/16 and/or 10/8 for
your average multiple small-client installation, or replace the default
"--> ANY" rule with a "!192.168/16", assuming you assign each client
their own /16 (or whatever) and they're all from 192.168/8.

Agreed though, being able to enter a destination interface would be
great (WAN especially, but I could see it being useful to have LAN and
various OPT# interfaces available too).

Even without VLANs, m0n0wall would be ideal for this installation: if you
were deploying some low-power PCs with 4-5 PCI quad-cards each, you
could easily get 16-20 ports per router in PCs you picked up for free
(okay okay, probably not what you'd want to base an ISP off of, but
realistically, you could do a small installation reasonably reliably
simply by testing the hardware upfront and having abundant hardware
swapouts).

Assuming you were using 10Mb links to your various clients, you could
probably run 15+ clients on a single 100Mb port and a low-end P2
m0n0wall box.
--
God must love stupid people; He made so many.
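
An added example, not part of the original message and not m0n0wall's own filter code: a simplified first-match rule evaluator comparing the default "--> ANY" pass rule with the "!192.168/16" rule suggested above. The addresses are constructed, and it assumes each client is given a /24 out of 192.168.0.0/16 and that unmatched traffic is dropped.

```python
import ipaddress


def rule(action, dst, negate=False):
    """One simplified filter rule: action, destination network, optional '!' negation."""
    return {"action": action, "dst": ipaddress.ip_network(dst), "negate": negate}


# Default-style rule on a client interface: pass to any destination.
DEFAULT_RULES = [rule("pass", "0.0.0.0/0")]
# Rule suggested in the message: pass only to destinations NOT in 192.168/16.
ISOLATING_RULES = [rule("pass", "192.168.0.0/16", negate=True)]


def evaluate(rules, dst_ip):
    """First matching rule wins; traffic that matches nothing is blocked (assumed default deny)."""
    dst = ipaddress.ip_address(dst_ip)
    for r in rules:
        # A negated rule matches exactly when the destination is outside the network.
        if (dst in r["dst"]) != r["negate"]:
            return r["action"]
    return "block"


def reachability(rules):
    """Decisions for a constructed client on OPT1 (192.168.10.0/24) sending to three targets."""
    targets = {
        "peer client (OPT2)": "192.168.20.5",   # another customer's subnet
        "own gateway": "192.168.10.1",          # the router's address on OPT1
        "internet host": "203.0.113.7",         # documentation-range WAN address
    }
    return {name: evaluate(rules, ip) for name, ip in targets.items()}


if __name__ == "__main__":
    for label, rules in (("default", DEFAULT_RULES), ("isolating", ISOLATING_RULES)):
        print(label, reachability(rules))
```

In this model the client's own gateway address also falls under the negated rule, so anything the router itself serves to clients would need an explicit pass rule placed ahead of it.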