I've been using m0n0 for a month and have thought about a few improvements
that would make it easier to manage.
1.- Aliases are quite useful but, why not have user-defined aliases for
ports (HTTP -> TCP 80, VNC -> TCP 5900, DNS -> UDP/TCP 53 ...)?
2.- Sometimes you need to give access to some services that are all related
to each other, so you must define a rule for each one. A good solution would be
that you could define groups of services in order to reduce the number and
complexity of the rules. For instance, I always give access to mail
Internet services (HTTP, HTTPS, FTP, telnet, dns ...) to my LAN; this could
be represented in only one rule if you could group all these services
together. Another example is services that use several ports like VNC
(5800,5900), DNS (53 TCP/UDP), PCAW, etc.
3.- The IP address of the interface generally is related to the origin
addresses of the packets it receives, with some exceptions like WAN or
complex network architectures. So it would also be useful if a rule could
affect all interfaces (again making the definition of rules easier) by
introducing an "any" to the interface selection.
4.- In my network there are subnetworks that are not managed by me, so I
cannot redefine routing on them. I would like to be able to access these
networks from the WAN subnet, so I need to NAT to the LAN interface
address. But I cannot do NAT into the LAN side. Could it be possible in
Please gimme some comments about this, thank you.