m0n0wall is a project aimed at creating a complete, embedded firewall software package that, when used together with an embedded PC, provides all the important features of commercial firewall boxes (including ease of use) at a fraction of the price (free software).
m0n0wall is based on a bare-bones version of FreeBSD, along with a web server, PHP and a few other utilities. The entire system configuration is stored in a single XML text file to keep things transparent.
m0n0wall is probably the first UNIX system that has its boot-time configuration done with PHP, rather than the usual shell scripts, and that has the entire system configuration stored in XML format.
The m0n0wall system currently takes up less than 12 MB on the Compact Flash card (or CD-ROM), and contains:
all the required FreeBSD components (kernel, user programs)
ipfilter
PHP (CGI version)
mini_httpd
MPD
ISC DHCP server
ez-ipupdate (for DynDNS updates)
Dnsmasq (for the caching DNS forwarder)
racoon (for IPsec IKE)
UCD-SNMP
choparp
BPALogin
On recent embedded platforms (like net4801 or WRAP), m0n0wall provides WAN-to-LAN TCP throughput in excess of 50 Mbps (including NAT). Newer standard PCs can easily reach > 100 Mbps.
On an ALIX.2, m0n0wall boots to a fully working state in less than 25 seconds after power-up, including POST (with a properly configured BIOS).
pfSense History
This project was started in September 2004 by Chris Buechler and Scott Ullrich. Chris is a long-time contributor to the m0n0wall project. m0n0wall is a great embedded firewall, but one of the great things about its design is also a limitation to expandability: m0n0wall runs entirely from RAM, and the entire OS and all applications are loaded into RAM at boot time. This is a great design for embedded systems, for performance and reliability reasons. However, it has no capability of being installed into a normal file system on a hard drive. Hence, many desirable functions can't be reasonably implemented.
WHAT m0n0wall is NOT! (This is where pfSense comes in and does many of what's listed below!)
m0n0wall is a firewall, and the purpose of a firewall is to provide security. The more functionality is added, the greater the chance that a vulnerability in that additional functionality will compromise the security of the firewall. It is the opinion of the m0n0wall founder and core contributors that anything outside the base services of a layer 3 and 4 firewall does not belong in m0n0wall. Some services that may be appropriate are very CPU-intensive and memory hungry, and m0n0wall is focused on embedded devices with limited CPU and memory resources. The non-persistent filesystem due to our focus on Compact Flash installations is another limiting factor. Lastly, image size constraints eliminate other possibilities.
We feel these services should be run on another server, and are intentionally not part of m0n0wall:
Intrusion Detection/Prevention System
Proxy Server
Packet inspection at any layers other than 3 and 4
A general purpose web server
An FTP server
A network time server
A log file analyzer
For the same reason, m0n0wall does not allow logins: there is no login prompt at the console (it displays a menu instead), and no telnet or ssh daemon.
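Because the whole configuration lives in one XML file, the attack-surface policy described above (only layer 3/4 base services, no telnet or ssh daemon) can be checked mechanically. The following is an added example, not code from m0n0wall or pfSense; the element and attribute names in the sample file (`<services>`, `enable="..."`, `<enablesshd>`) are assumptions made for this illustration, not the real config.xml schema, and the sample config itself is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample config in the spirit of m0n0wall's single-XML-file design.
# The element names are assumptions for this example, not the real schema.
SAMPLE_CONFIG = """<?xml version="1.0"?>
<firewall>
  <system>
    <hostname>fw1</hostname>
    <enablesshd>yes</enablesshd>
  </system>
  <services>
    <dhcpd enable="true"/>
    <dnsforwarder enable="true"/>
    <snmpd enable="false"/>
    <proxy enable="true"/>
    <ntpd enable="true"/>
  </services>
</firewall>
"""

# Services a layer-3/4 firewall legitimately hosts (the base set the text allows:
# DHCP, DNS forwarding, SNMP, IPsec, PPP/PPPoE, dynamic DNS). Assumed tag names.
BASE_SERVICES = {"dhcpd", "dnsforwarder", "snmpd", "ipsec", "pppoe", "dyndns"}

# Hypothetical flags that would turn on a remote login daemon.
LOGIN_DAEMON_FLAGS = ("enablesshd", "enabletelnetd")

TRUE_VALUES = ("true", "yes", "1")


def enabled_services(root):
    """Return the tag names of every service element whose enable attribute is truthy."""
    return [
        svc.tag
        for svc in root.findall("./services/*")
        if svc.get("enable", "false").strip().lower() in TRUE_VALUES
    ]


def audit_config(xml_text):
    """Return a list of policy findings for one XML configuration.

    A finding is raised for each enabled service outside the layer-3/4 base set
    and for each remote-login daemon flag that is switched on.
    """
    root = ET.fromstring(xml_text)
    findings = []
    for tag in enabled_services(root):
        if tag not in BASE_SERVICES:
            findings.append(f"service '{tag}' is enabled but outside the layer-3/4 base set")
    for flag in LOGIN_DAEMON_FLAGS:
        node = root.find(f"./system/{flag}")
        if node is not None and (node.text or "").strip().lower() in TRUE_VALUES:
            findings.append(f"remote login daemon enabled via <{flag}>")
    return findings


if __name__ == "__main__":
    for line in audit_config(SAMPLE_CONFIG):
        print("FINDING:", line)
```

Run against the constructed sample, the audit reports the proxy and NTP services and the ssh flag; a clean m0n0wall-style configuration would produce an empty list. The same pattern (parse the single config file, compare enabled features against an allow-list) is what a deployment pipeline can run before an image is written to the Compact Flash card.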