The m0n0wall package is a firewall with extensive capabilities. It is based on the FreeBSD 6.x operating system and can be configured entirely through a web interface. Among other things, m0n0wall supports 802.1Q VLANs, NAT/PAT, IPsec VPN tunnels and PPTP VPN. It can also perform packet filtering and includes a traffic shaper. The developers recently released m0n0wall 1.33, which comes with the following list of changes:
m0n0wall 1.33 released
m0n0wall 1.33 adds a new image type for generic PCs with a serial console, further improves IPv6 support, includes a driver for newer Realtek network chipsets and contains various small changes and bug fixes.
Known issues:
- WARNING: this version (any platform) no longer fits on 8 MB CF cards! (>= 16 MB required)
- When upgrading from generic-pc 1.2x, you must install 1.3b7 first before you install this image. Other platforms are not affected.
Changes in this release:
- a new image type "generic-pc-serial" has been added; the only difference to generic-pc is that it always uses the serial console (on COM1 at whatever speed the BIOS set it to)
- added Realtek customized network chip driver to support additional chipsets
- updated ipfilter to 4.1.33
- inbound NAT rules can now be added on the LAN interface with the WAN address as a target; this helps with accessing servers on an optional interface from the LAN interface by using m0n0wall's WAN IP address
- IPv6 improvements by Andrew White:
- support for LAN IPv6 prefix assignment using DHCP-PD
- added MTU option for RA
- added AICCU to interface status page
- added IPv6 support for syslog destination
- added IPv6 support for Diagnostics: Firewall States
- added error handling to interface status page for AICCU being down
- fixed DHCPv6 server setup when target interface is configured in 6to4 mode (reported by Brian Lloyd)
- modified "disable port mapping" option so that it will actually avoid port mapping whenever possible, but fall back to port mapping if another mapping for the same port already exists (inspired by a patch submitted by Adam Swift)
- added support for user-customizable captive portal logout and status page, as well as a password change option for local CP users (contributed by Stephane Billiart)
- added 'Bind to LAN' option for syslog, so you can syslog over a VPN tunnel
- fixed dnswatch to deal with changed resolv.conf (for IPsec tunnels to dynamic endpoints)
- fixed various XSS vulnerabilities in webGUI
- added option on advanced setup page to defend against DNS rebinding attacks
- fixed extra slash in captive portal redirect
- added support for (manually updated) CRLs for IPsec VPN (contributed by Sebastian Lemke)
- prevent /ext directory from being listed through webGUI (reported by Bernd Strehhuber)
- fixed typo in system_do_extensions() that broke extensions support (reported by Bernd Strehhuber)
- added check for DHCP reservation entries for the same MAC address
- changed EDNS to 4096 from default of 1280 for dnsmasq, should help with DNSSEC
- don't let missing DNS server information keep DHCPD from starting