Article description:
m0n0wall is a project aimed at creating a complete, embedded firewall software package that, when used together with an embedded PC, provides all the important features of commercial firewall boxes (including ease of use) at a fraction of the price.
m0n0wall is based on a bare-bones version of FreeBSD, along with a web server, PHP and a few other utilities. The entire system configuration is stored in one single XML text file to keep things transparent.
m0n0wall is probably the first UNIX system that has its boot-time configuration done with PHP, rather than the usual shell scripts, and that has the entire system configuration stored in XML format.
m0n0wall already provides many of the features of expensive commercial firewalls, including:
changed base system to FreeBSD 6.2-RC1 (final 1.3 version will be based on FreeBSD 6.2-RELEASE)
WARNING: the generic-pc image no longer fits on 8 MB CF cards! (>= 10 MB required)
added support for new wireless features in FreeBSD 6
Atheros cards are finally supported!
channel selection on interface setup page now reflects actual capabilities of card
wireless status page shows scanned APs in client mode and associated stations in hostap mode
WPA support is expected in the next release
for generic-pc-cdrom, the configuration may now also be stored on a USB memory stick (instead of a floppy disk). m0n0wall will automatically probe for a USB stick with a FAT file system first and, if this fails, fall back to the floppy drive. Note that this release can also be booted directly from a USB memory stick on most PCs (simply install the generic-pc image to your USB memory stick with physdiskwrite), so generic-pc-cdrom is now only for machines that either don't have USB at all or that can't boot from USB due to BIOS limitations.
removed MTU option from Interfaces: WAN page. This used to control TCP MSS adjustment, but since the non-NAT-dependent MSS fixup patch kludged into ipnat has not been ported to ipfilter 4 (and is an ugly hack at best anyway), MSS fixup is now automatically applied for PPPoE connections (where it is actually needed) using MPD's integrated feature and shouldn't be necessary in other cases
a rather intrusive kernel patch was required to make concurrent traffic shaping + NAT on the WAN interface possible; if you rely on this feature, please test it well and report any problems