Het pakket m0n0wall is een firewall met uitgebreide mogelijkheden. Het maakt in de basis gebruik van het besturingssysteem Freebsd 6.x en is volledig in te stellen via een webbased interface. M0n0wall heeft onder andere ondersteuning aan boord voor wireless opstellingen, 802.1Q-vlan, nat/pat, ipsec vpn tunnels en pptp vpn. Daarnaast kan het ook packet filtering toepassen en beschikt het over een traffic shaper. De ontwikkelaars hebben alweer de twaalfde bètaversie van m0n0wall 1.3 de deur met de volgende lijst van aanpassingen uitgedaan:
Version 1.3b12:Version 1.3b11:
- Known bug: DNS forwarder doesn't work when "Register DHCP leases in DNS forwarder" option is enabled
- WARNING: this version (any platform) no longer fits on 8 MB CF cards! (>= 16 MB required)
- When upgrading from generic-pc 1.2x, you must install 1.3b7 first before you install this image. Other platforms are not affected.
- added initial IPv6 support (based on code contributed by Michael Hanselmann in 2005)
- removed IPv6 tunneling option
- automatically generate self-signed SSL certificate when switching from HTTP to HTTPS (CN = current hostname); also add a button to generate a self-signed certificate on demand on the System: Advanced page
- make captive portal "disable concurrent logins" function compare usernames in a case-insensitive manner
- fix polling setting on optional interfaces
- add ipnat fix (from ipfilter mailing list) to prevent a (rare) case of kernel panic when ipnat sees a fragment of a TCP packet, and that fragment is not the first one
- remove PPPoE/PPTP dial-on-demand feature. Still doesn't work properly, nobody has enough interest in it to fix it, and most people probably don't need it anyway
- remove bpalogin - looks like it's dead
- updated Dnsmasq to 2.42
- don't run captive portal reauthentication (if enabled) for MAC pass-through clients (patch by Peter Allgeyer)
- repeat banner each time the console menu is displayed
Version 1.3b10:
- fixed IPsec to prefer new SAs over old SAs by default (should solve problems with tunnels not working after an interruption or peer IP address change)
- added DPD (Dead Peer Detection) option to IPsec tunnels (default off as before)
- added asn1dn option to IPsec identifier types to be compatible with what Openswan expects when using certs instead of PSKs (contributed by Wes Morgan)
- fixed SVG traffic/CPU graphs under IE7 (by Daniel S. Haischt)
- allow fragmented ESP and NAT-T encapsulated IPsec packets when using the integrated IPsec support (should solve MTU issues)
- added patch to make mini_httpd accept intermediate SSL CA certificates
- use NTP vendor pool zone for m0n0wall instead of pool.ntp.org (this will also be automatically replaced in existing installations on the first boot)
- fix MSNTP to properly handle server hostnames that start with a digit
- updated base system to FreeBSD 6.3-RELEASE-p1
- copied dhclient-script from m0n0wall 1.233 (in an attempt at solving the sporadic DHCP renewal problems reported by some users)
- fix MPD WAN PPPoE/PPTP auto-reconnect issue
- webGUI HTML tidyness fixes by Daniel S. Haischt
- put IPSTEALTH in kernel config so that it can be enabled via sysctl if needed
- updated ipsec-tools to 0.7
:fill(white):strip_exif()/i/1271882067.jpeg?f=thumbmedium)
:strip_icc():strip_exif()/u/4764/crop5e9024a30841d_cropped.jpeg?f=community){kind=small}