What's Next for m0n0wall?
As of August 2004, m0n0wall version 1.0 has been available for 6 months. Since version 1.0's release, there have been 17 public betas of m0n0wall version 1.1. The small increment in version number doesn't really do the new version justice, however, since alongside many small improvements and fixes, the following functionality has been added:
- Third-party optional module support
- Adobe SVG real-time traffic graph
- Captive Portal with RADIUS authentication
- Ability to activate 'Wake on LAN' network clients from the admin interface
- USB and SCSI disk support
- 802.1Q VLAN support
- 'Magic Shaper' auto-configured traffic shaping
Of these, I consider the Captive Portal and the VLAN functionality the most significant. The Captive Portal allows you to run a public network on one of the firewall interfaces, which is useful for public wireless hot-spots and public access areas such as libraries. When a client first attempts to access the Internet, the Captive Portal displays a web page, typically an 'Acceptable Use Policy', which must be agreed to before unrestricted access to the WAN network is permitted. The Captive Portal also allows an external RADIUS server to authenticate the user before they are granted access.
VLAN works in conjunction with a managed network switch that supports 802.1Q VLAN tagging. This allows "virtual" optional interfaces to be configured in m0n0wall and was added with larger segmented networks in mind.
Among the list of enhancements already on the "To do / Wish list" for subsequent versions are:
- OpenVPN support
- Certificate authentication for IPSec VPNs
- Host/network grouping for aliases, which will allow firewall rules to be applied to logical groups
- Time of day/week based firewall rules
- Port scan detection with automatic black holing
- Secondary WAN networks, possibly with load balancing
- Dialup backup link, via serial port
Of these, host/network grouping, secondary WAN interfaces and backup links, and certificate authentication for IPSec VPNs will be the major features.
Update 8/22/2004 - m0n0wall v1.1 has been released. Changes include:
- captive portal support (with RADIUS authentication)
- 802.1Q VLAN support
- magic shaper wizard for the traffic shaper
- SVG-based traffic grapher
- Wake on LAN client
- improved HTTP (webGUI) server security
- updated base system to FreeBSD 4.10-RELEASE
- updated various utilities to the latest versions (PHP, racoon, MPD, ipfilter)
- many bug fixes (PPTP VPN, ipfilter, etc.)
A full description is available in the m0n0wall Change Log.