What is m0n0wall?

m0n0wall is free firewall software that is a little different for a few reasons. It is:

• based on FreeBSD, not Linux ¹
• optimised for small embedded PC devices, but can also be installed on a very wide range of PC hardware
• licensed under a less restrictive FreeBSD type license rather than the GPL ²

m0n0wall is mostly the work of Manuel Kasper. He started to build m0n0wall as a web interface to FreeBSD being used as a packet filter on embedded PCs. This quickly turned into a complete firewall package with a clean and easy-to-use PHP-driven web interface.

Manuel then decided he didn't like the inflexibility of using the standard shell script method of configuring the Unix systems and made the bold step of using PHP - a technology usually used for dynamic web page creation - for configuring the system at boot up. Using PHP in this way is quite unique and allows the whole system configuration to be held in a structured XML file. It also helps to keep the system image small (currently less than 6MB) as large bits of software like PERL are not required.

The first public beta of m0n0wall was released in February 2003. A further year of work and 26 further beta releases culminated in the release of m0n0wall v1.0 in February this year. m0n0wall is now a collaborative project, but its development is still managed by Manuel Kasper, who also contributes a large proportion of the development.

The main m0n0wall v1.0 functions and features are:

• Stateful packet filtering with block/pass rules on all interfaces and logging
• Flexible and optional NAT & PAT including 1:1
• DHCP client, PPPoE, PPTP support on the WAN interface
• Static routes
• Traffic shaping
• Dynamic DNS client
• DHCP server, separately configurable for all interfaces
• Caching DNS forwarder with optional static entries
• Aliasing for hosts and networks
• Wireless interface support
• IPSEC VPN endpoint, network to network and mobile clients
• PPTP VPN endpoint, with RADIUS authentication support
• SNMP agent
• Logging to remote Syslog server
• Online firmware upgrade
• Configuration Backup/Restore

¹ Some Linux based firewalls such as SmoothWall are based on the Linux 2.4 Kernel (or more recent). This could make users liable for licensing fees payable to SCO Inc. if they are successful with their current Intellectual Property / Copyright / Contract claims. So far the BSD family has been free of such claims from SCO Inc.

² Quoting the FreeBSD FAQ, the license has two and only two basic conditions, "Do not claim that you wrote this." and "Do not sue us if it breaks." This frees the software to be used and modified for any purpose, including commercial, with very little restriction other than crediting the authors of the original work.

Tags: firewall, Linux, m0n0wall, open source,

Related Articles: