m0n0wall

Software Details:
Version: 1.8.1
Upload Date: 17 Feb 15
Developer: Manuel Kasper
Distribution Type: Freeware
Downloads: 84

m0n0wall is a freely distributed, powerful, minimal and full-featured open source operating system that has been designed from the ground up to act as a complete firewall solution for embedded systems or personal computers. It is derived from the well-known FreeBSD distribution.

Features at a glance

Key features include a secure web-based interface that supports SSL (Secure Sockets Layer), 802.1Q VLAN support, logging, SNMP agent, DHCP server, captive portal, static routes, DynDNS client, wireless support, traffic shaper, network and host aliases, Wake on LAN client, caching DNS forwarder, SVG-based traffic grapher, and NAT/PAT support.

In addition, the distribution comes with stateful packet filtering, PPTP VPN with RADIUS server support, block/pass rules, support for IPsec VPN tunnels, support for access point with PRISM-II/2.5/3 cards, as well as IBSS and BSS with other wireless cards, including Cisco. The WAN interface supports Telstra BigPond Cable, PPTP, PPPoE and DHCP.

A serial console interface for system recovery is also provided from the get-go, allowing the user to assign network ports, set up LAN IP addresses, reset the password of the web-based interface, reset the system to factory defaults, reboot the system, ping a host, and install the operating system to a local disk drive.

Distributed as ISO and IMG images

This special distribution of BSD is available for download for free from Softoware or via its official website (see link below) as either bootable ISO images that can be deployed to CD discs or USB thumb drives, or IMG images that must be written only on USB sticks.

Users can upgrade the firmware through their favorite web browser, simply by accessing m0n0wall’s web-based user interface. Additionally, it is possible to back up or restore your configuration. At the moment, the system is bootable on 32-bit and 64-bit computers.

What is new in this release:

  • add scheduler ("Croen") service with many different job types (enable/disable interface or shaper rule, Wake on LAN, reboot, reconnect WAN, execute command etc.)
  • improved IPv6 support, including IPsec, DHCPv6-PD, RDNSS and DNSSL, and NDP info on the ARP diagnostic page
  • major overhaul of wireless LAN support. On some cards, it is now also possible to create multiple APs at the same time. To reflect this change, the wireless settings have moved to the Interfaces: assign page, where WLAN subinterfaces can be created much like for VLANs.
  • DNS forwarder: add option to log DNS queries, add aliases (CNAMEs) and MXs
  • Add AES-256, SHA-256/384/512 and additional DH group options to IPsec
  • Make rule moving and deletion on shaper rules page work like for firewall rules.
  • Initial support for USB modems
  • enable CPU hardware crypto support
  • automatically reassign available physical network interfaces if none of the assigned interfaces in the configuration can be found on the system (i.e. for a new installation, or when moving an existing config to new hardware)
  • the "embedded" image is gone; generic-pc-serial should now be used for PC Engines and Soekris boards
  • console speed for serial images is fixed to 9600 baud (no longer tries to use BIOS preset value)
  • introduction of an automated build system that allows one to build m0n0wall from scratch with almost no manual intervention on a standard FreeBSD 8.4 system
  • countless bug fixes and improvements in UI and system configuration code

What is new in version 1.34:

  • Backported from beta branch:
  • Eliminate modifying GETs from webGUI pages.
  • Note: the API pages exec_raw.php and uploadconfig.php now require different parameters than before. exec_raw.php now requires the cmd to be given in a POST, and both pages need a valid CSRF magic token, which can be obtained by issuing a GET first without any parameters (see example in exec_raw.php comment).
  • Make rule moving and deletion on shaper rules page work like for firewall rules.
  • Add csrf-magic for CSRF protection in webGUI.
  • Fix potential XSS in diag_ping.php and diag_traceroute.php.
  • Increase key size of auto-generated webGUI certificates to 2048 bits.
  • Update default webGUI certificate/key.
  • Remove domain name handling from dhclient-script and change ARP command not to use sed (not used/available in m0n0wall).
  • Change virtualHW version to 7 for VMware image to avoid errors in ESX 4

What is new in version 1.33 Beta 2:

  • a new image type "generic-pc-serial" has been added; the only difference to generic-pc is that it always uses the serial console (on COM1 at whatever speed the BIOS set it to)
  • reintroduced original FreeBSD if_re driver (to fix missing support for 8139C+) and added Realtek patched driver under a new name (if_rg) with lower priority to ensure that the Realtek patched driver is only used if the stock FreeBSD if_re/if_rl can't handle the device
  • DHCPv6: fixup for sla-id being 0
  • disallow webGUI passwords with colons (:) as mini_httpd has trouble handling them
  • fix broken captive portal sessions when per-user bandwidth limitation is used and changes in the webGUI are made that require reloading the traffic shaper (reported by Robert Solomon)

What is new in version 1.33 Beta 1:

  • updated ipfilter to 4.1.33
  • inbound NAT rules can now be added on the LAN interface with the WAN address as a target; this helps with accessing servers on an optional interface from the LAN interface by using m0n0wall's WAN IP address
  • replaced if_re driver by Realtek customized version to support RTL8111C (among others)
  • IPv6 improvements by Andrew White:
  • initial support for LAN IPv6 prefix assignment using DHCP-PD
  • added AICCU to interface status page
  • added IPv6 support for syslog destination
  • added IPv6 support for Diagnostics:Firewall States
  • added error handling to interface status page for AICCU being down
  • fixed DHCPv6 server setup when target interface is configured in 6to4 mode (reported by Brian Lloyd)
  • added support for user-customizable captive portal logout and status page, as well as a password change option for local CP users (contributed by Stephane Billiart)
  • added 'Bind to LAN' option for syslog, so you can syslog over a VPN tunnel
  • fixed dnswatch to deal with changed resolv.conf (for IPsec tunnels to dynamic endpoints)
  • fixed various XSS vulnerabilities in webGUI
  • added option on advanced setup page to defend against DNS rebinding attacks
  • fixed extra slash in captive portal redirect
  • added support for (manually updated) CRLs for IPsec VPN (contributed by Sebastian Lemke)
  • prevent /ext directory from being listed through webGUI (reported by Bernd Strehhuber)
  • fixed typo in system_do_extensions() that broke extensions support (reported by Bernd Strehhuber)
  • added check for DHCP reservation entries for the same MAC address
  • change EDNS to 4096 from default of 1280 for dnsmasq, should help with DNSSEC
  • don't let missing DNS server information keep DHCPD from starting

What is new in version 1.32:

  • m0n0wall 1.32 patches an Ethernet bug on ALIX boards (among others) and contains several other small fixes and improvements on IPv6, the DNS forwarder and the hardware monitor.

What is new in version 1.3:

  • WARNING: this version (any platform) no longer fits on 8 MB CF cards! (>= 16 MB required)
  • When upgrading from generic-pc 1.2x, you must install 1.3b7 first before you install this image. Other platforms are not affected.
  • fixed DHCP server "deny unknown clients" option with known clients without a statically assigned IP address
  • fixed a security issue in the DHCP client (CVE-2009-0692)

What is new in version 1.236:

  • fixed a security issue in the DHCP client (CVE-2009-0692)
  • captive portal fixes (jdegraeve):
  • changed RADIUS timeout/maxtries from 5/3 to 3/2 reducing failover time from 30 to 15 seconds
  • added RADIUS attribute support for: ChilliSpot-Bandwidth-Max-Up/ChilliSpot-Bandwidth-Max-Down
  • fixed concurrent login detection, now case-insensitive
  • fixed Pass-Through MAC addresses in combination with RADIUS MAC authentication
  • SVG fixes for IE7/8
  • properly escape DHCP client hostnames in webGUI

What is new in version 1.3 Beta 18:

  • fixed broken IPsec support (missing library)

What is new in version 1.3 Beta 17:

  • Known issue: IPsec broken (missing library); 1.3b18 will be released soon
  • WARNING: this version (any platform) no longer fits on 8 MB CF cards! (>= 16 MB required)
  • When upgrading from generic-pc 1.2x, you must install 1.3b7 first before you install this image. Other platforms are not affected.
  • Converted from BRIDGE to if_bridge. Removed multi-interface bridge check, and checkbox under System > Advanced for filtering bridge since member interfaces will now always be filtered
  • fixed a problem with ipnat refusing to create new RDR translation entries in the NAT table if a MAP entry exists for the same port, even though that check is probably only meant to check for existing RDR entries. This fixes issues with SIP communication when there is an inbound NAT mapping for port 5060. (see also http://marc.info/?l=ipfilter&m=121749272404107&w=2)
  • fixed problems when using advanced outbound NAT rules with destination matching (non-FTP connections were processed by the ipnat FTP proxy, leading to slowness, lost connections, rogue ICMP host unreachable messages etc. because ipfilter requires an additional match statement on the destination port when using proxies)
  • fixed DHCP lease page to only show the last lease for a given IP address (see dhcpd.leases(5))
  • fixes for IPv6 pages in user/group manager
  • show IPv4 gateway on Status: Interfaces page (was removed inadvertently)
  • fixed bug with IPv6 subnets in firewall rules
  • added device msk to kernel configuration
  • updated base system to FreeBSD 6.4
  • avoided PEAR dependency and fixed DHCPv6 range check when interface is not configured with a v6 address
  • put logging back in for anti-spoof block rule
