Messages - Lee Sharp

#1
15.1 Legacy Series / Re: Hardware build
March 26, 2015, 07:58:22 PM
I have used a lot of the systems from Logic Supply with m0n0wall and SmallWall and get consistent 600 meg transfers. (On Intel gigabit NICs, not the Realtek add-in boards)  The Atom based firewalls sip power, for the grunt they bring to the table.  Tell Steve Win I sent you.  It may not help, but who knows. :)
#2
General Discussion / Re: admin gui access from WAN
February 27, 2015, 05:15:36 PM
If you really want to you can try to create a block rule on the LAN interface to the WAN IP address.  I am not sure what would happen to traffic at that point, however, as it is a very odd configuration.
#3
Quote from: bchociej on February 27, 2015, 05:37:35 AM
Cheers to the lively discussion here. I am so glad to see an organization picking up the m0n0wall/pfsense project in a responsible, open way!
Keep in mind that OPNsense is not the only option.  There is still pfSense, and www.smallwall.org is aiming to just continue where m0n0wall left off with minor changes.  (And a beta was just released with L2TP support)  There is also one other I am aware of that has not been officially announced, but is along the same lines as SmallWall.

And choice is good.  If a tad overwhelming when you first open a new GUI. :)
#4
15.1 Legacy Series / Re: Web filtering
February 26, 2015, 08:57:21 PM
Quote from: jstrebel on February 26, 2015, 08:59:25 AM
Franco.
I can send you the code what we did for monowall.
jakob
I would love to see this code too!
#5
Quote from: franco on February 22, 2015, 07:18:43 PM
Quote from: Lee Sharp on February 22, 2015, 05:52:31 PM
Disclaimer:  Yes, I am behind one of the potential alternatives at www.smallwall.org so may be slightly biased. :)

We appreciate diversity of opinion. I can see that not all the m0n0wall folks are happy. It may be an impossible feat to bring everybody under a single roof.
Oh yes! :)

On the other hand, why should everyone be under one roof?  Can you imagine if there was only one type of house for everyone?  (And how ugly that designed by committee thing would look?) :)  Sometimes you need different houses, but that is no reason they can not be good neighbours.  I think if you try and serve both the small and the full featured, you may have more trouble than you think.  When the classic "ram is cheap" runs up against ram soldered on the motherboard, for example. :)  But with two houses that often work together (as pfSense and m0n0wall were in the early years) both projects benefit quite a bit.

But as several others have posted, simple can be good either way.  When there are too many choices, it is overwhelming.  For an example, compare the traffic shaper in m0n0wall to the one in pfSense.  Having a light install can only help.  In m0n0wall we actually had several features that could not be found in the GUI on purpose.  By the time you needed them, you had learned enough to be ready for them. :)
#6
Quote from: Packet on February 22, 2015, 03:05:47 PM
We had a go moving to pfSense a year ago but we dropped it and returned to m0n0 after reading their PHP scripts, it was a horror show, nobody tight on security would ever code that way.

This can be a problem with what I call "kitchen sink" applications, with open plugin architecture.  They focus on features and not security.  That is why so many people stuck with m0n0wall over the years.  It only tried to do one thing.

Quote from: Packet on February 22, 2015, 03:05:47 PM
It also looked like the pfSense team is in "cash out" mode and is now focused on the $ instead of their users, so it is great to hear someone else felt the same about pfSense and decided to do something about it, please promise you guys will never turn arrogant (I am looking at the pfSense team).  ;)

This is another problem I have seen with open source apps over the years.  Someone decided to monetize, and things go downhill fast.  pfSense is just the latest, but Untangle, Nagios, Elastix and FreeNAS also have had similar problems.  So this is a good thing to look at.  Do they have a plan for later?

But lastly, remember that there is no rush.  Your m0n0wall system is still quite stable and will be fine for quite a while.  Also the m0n0wall developers did not all retire with Manuel.  I have been talking with a few of them, and while we are impressed with OPNsense, many of us do not feel it truly addresses the m0n0wall segment.  (Others do, and may join the project)  But take some time and look at the various alternatives.  There is no rush.

Disclaimer:  Yes, I am behind one of the potential alternatives at www.smallwall.org so may be slightly biased. :)
#7
Because I can add drivers for one platform in one day.  Doing an entire basis takes a lot more. :)  However, you are right in that we need to stay current.  It adds ALL the drivers for nics, video, and more...

I was just saying we might be able to fix your problem sooner than you think.
#8
Quote from: weust on February 20, 2015, 12:18:49 PM
For me the main reason to leave m0n0wall was the interest in running it virtual.
I'm a home user/hobbyist (with a job as sysadmin) and the lack of a newer FreeBSD as basis was holding me back.
People keep saying this, but the basis is not the problem.  There are m0n0wall images with ESXi vmxnet3 drivers and images with KVM VirtIO drivers.  I am sure we can get m0n0wall / SmallWall to work on Hyper-V in the 8.x branch, and that will be a lot faster than rebasing. :)
#9
15.1 Legacy Series / Re: Please redesigned interface.
February 20, 2015, 05:33:02 PM
I think you underestimate the level of religious war you have started here. :)  Website look and feel gets very personal for a lot of people very fast.  I am in the middle of this now with the (potential) SmallWall project as everyone is contacting me to see what direction the web interface is going.  Who cares if the firewall works... ;)

What I can say is that modifying the web interfaces of projects like these is very easy, so you may just want to make some changes yourself and present them.  If enough people like it, you may get adopted.  If not, at least your copy works for you!
#10
Good afternoon gentlemen. :)

We were all stunned by Manuel's announcement.  And I came over looking at your project immediately.  And while it looks cool and is doing interesting things, there are several places where it diverges considerably from the old m0n0wall philosophy.

Now before I start, understand that this is not an attack on your project.  I like it and want it to do well.  It is an observation on how it does not fit many of my personal use cases, and how I think it would be a poor fit if crammed in.

1) I have a lot of production firewalls on old terminal servers with AMD Geode CPUs, and 128 meg of ram with 125 meg flash.  Ouch...

2) The traditional view of m0n0wall was a small and lean firewall that did one thing and did it well.  Seeing a section on packages and jails is not in that direction...  :o

Seeing this, and not seeing Manuel reconsider, I set up www.smallwall.org to see if there was another way forward.  Right now it is just a potential project, and if OPNsense can fill the need, it can fade away with no loss...  But, I think the philosophies are very divergent, and it may be better to have two projects with some shared resources and developers, than to try and make one shoe fit on every foot.

Way back in the dawn of time  (around 2005-2007) pfSense was a "friendly fork" of m0n0wall.  A lot of the key developers were in both projects.  Chris was very active in m0n0wall development, and his website supported a number of m0n0wall mods.  Somewhere along the line, it got less friendly, but that is not to say that it can not work now.

If there is a SmallWall and an OPNsense, there is no need to converge them.  But developments on one can go to the other, and back.  Also, there is no need to "undo" things from OPNsense to fit them into a small build...  I encourage anyone here to go sign up to the SmallWall forums while we hash out where (and if) we want to go.  There is no reason that we can not have two projects that both leverage each other to make for better solutions for all.