Comment: Re:Just block them (Score 2) 130

Delete stuff from the Internet... Hmmm... Sounds like a wonderful idea. How?

Actually it is a terrible idea, even if it could work, because looking at how the code progressed is how you learn. Not to mention that I can patch an old version to fix the vulnerability, but not have to move to the new and incompatible version.

Comment: Re:Is this unique to Java? (Score 2) 130

It got to the point we put in very large bold characters in our release notes ... we work on this version of Java, if you get clever and introduce your own version of Java, we won't talk to you until you confirm the bug in the version we support.

Which is how we ended up with the management nightmare of different hardware requiring different and incompatible versions of JAVA for the "Web Client" to manage it. So, one workstation to manage Cisco. One workstation to manage EMC. One for HP. One for the phone system and a different one for the voicemail... And hope to God no one clicks "Update" on the popup before reading it!

Comment: Re:Why? (Score 1) 130

I've been told in tens of thousands of Slashdot comments(all modded up) that Open Source software is more secure. No wonder this site is dying.

It is not more secure due to magic. It is more secure due to patches and updates. If you do not apply them, you do not get that security. It is like having locks and a car alarm, but leaving your keys on the dash.

Comment: Re:OPNSense not really M0n0Wall successor (Score 1) 34

None of these are as small as *WRT distros and they still to this day only run on x86 and x64, but you get OpenBSD's packet filter (claimed by most to be superior to Linux's) bolted onto FreeBSD (for better hardware support?) and a BSD license if that matters to you.

Also, good luck getting a *wrt to give gigabit sustained transfers. :) SmallWall and m0n0wall on modern hardware can give 900meg sustained transfers all day, and can do some hefty encryption on the side if needed for IPSEC.

As to the projects that owe allegiance to m0n0wall, and the people that learned there... This is a quick peek at some of those people... http://www.smallwall.org/histo...

Comment: Re:How is this better than iptables or pf? (Score 1) 34

I actually had missed the news that the M0n0wall project was over. But even if it is, one of its derivatives is pFsense. What is pFsense missing that makes people want to fork M0n0wall?

It is not what it is missing, but what it has... m0n0wall was (and SmallWall is) smaller, and leaner. Fewer services means fewer attack vectors. It is also easier to configure correctly for novices. But the big thing is that some people are fundamentally against "kitchen sink" appliances where everything is on one box. Sometimes, separation of jobs is a very good thing.

I am not saying pfSense is bad. It is a good system, and Chris is a good guy. But I prefer solutions where the components do one thing, and do it well.

Comment: Re:OPNsense (Score 1) 34

One thing to compare is the hardware requirements for running OPNsense versus m0n0wall or SmallWall. OPNsense requires essentially a fairly modern computer, whereas I run m0n0wall currently on a 15+ year old 600Mhz P3 (which spends about 90% of its time twiddling its thumbs). I'm guessing that almost no one who was running m0n0wall is able to install OPNsense on the same hardware, as the requirements for OPNsense would be extreme overkill for m0n0wall.

That does bring up an interesting question about the MITXPC boxes. My understanding is that m0n0wall will only use one core in a multi-core system, only a few tens of MB of disk space, and certainly won't use more than 128MB of ram. The MITXPC boxes will still work, but even the cheapest one at $250 is way more than you'll need.

You are correct in that any modern box is overkill. But there is really no new hardware that is any cheaper... And SmallWall can use more than 128 meg of ram, as some tables live in ram and can grow large in heavy use environments. But I have seen very few boxes use more than 512 meg.
As to multi-core, that is on the roadmap. It will be easier to support when the base is moved to FreeBSD 10.1 in the future.

Comment: Re:OPNsense (Score 3) 34

If you read his final notice at http://m0n0.ch/wall/freeze_ann... you will see more than OPNsense.


as announced earlier, the m0n0wall mailing list and forum are now frozen. This is the final message, and I would like to take the opportunity to thank all those who have sent me emails with kind words and expressions of gratitude. They were too numerous for me to reply to individually, but they were all very much appreciated!

There have been some questions on what the way forward is for current m0n0wall users. If you are happy with the current feature set of m0n0wall and just need a security patch, bug fix, hardware compatibility update or minor improvement now and then, there are two nascent projects started by former m0n0wall developers/users that may have something for you: SmallWall and t1n1wall.

For a more feature-rich alternative that is still based on FreeBSD and has the same roots, both pfSense and OPNsense (which is a fork of the former) are excellent choices. They have higher hardware requirements than m0n0wall, but on the other hand, a lot of new embedded hardware has recently become available, with 2 GB or more of memory and 1 GHz or faster CPUs, at a similar price as earlier platforms. It makes sense (pun intended) to use these additional resources - something that m0n0wall hasn't been particularly good at in recent times. Just keep that in mind for your next hardware upgrade.

Farewell, fellow m0n0wall enthusiasts.

- Manuel
28 February 2015

Both SmallWall and t1n1wall.com are lean, and purpose built firewalls that do only one thing. They are not kitchen sink applications. They are meant to plug into web filters, not to be web filters.

pfSense, and OPNsense are extensible firewalls with a plug in architecture. While expandable, they are more complex and heavier weight. A good example is to compare traffic shaping between them... M0n0wall, SmallWall and t1n1wall will win that contest hands down!

m0n0wall fork SmallWall has first official release

houstonbofh writes: When the m0n0wall project ended back in February, many people just did not want to lose their small and lean firewall. And now, one of the forks, http://www.smallwall.org/ has released its first non-beta release. It has some small improvements to the GUI, and now has added L2TP support. The announcement with the changes can be found here. http://smallwall.freeforums.ne...

Also, a partnership with MITXPC was announced allowing firewalls with SmallWall preloaded to be purchased. http://smallwall.freeforums.ne... Their web store is here. http://www.mitxpc.com/products...
