m0n0wall 1.34 released

m0n0wall is a project aimed at creating a complete, embedded firewall software package that, when used together with an embedded PC, provides all the important features of commercial firewall boxes (including ease of use) at a fraction of the price (free software).
m0n0wall is based on a bare-bones version of FreeBSD, along with a web server, PHP and a few other utilities. The entire system configuration is stored in one single XML text file to keep things transparent.
m0n0wall is probably the first UNIX system that has its boot-time configuration done with PHP, rather than the usual shell scripts, and that has the entire system configuration stored in XML format.

m0n0wall provides many of the features of expensive commercial firewalls, including:
  • web interface (supports SSL)
  • serial console interface for recovery
    • set LAN IP address
    • reset password
    • restore factory defaults
    • reboot system
  • wireless support (including access point mode)
  • captive portal
  • 802.1Q VLAN support
  • IPv6 support
  • stateful packet filtering
    • block/pass rules
    • logging
  • NAT/PAT (including 1:1)
  • DHCP client, PPPoE and PPTP support on the WAN interface
  • IPsec VPN tunnels (IKE; with support for hardware crypto cards, mobile clients and certificates)
  • PPTP VPN (with RADIUS server support)
  • static routes
  • DHCP server and relay
  • caching DNS forwarder
  • DynDNS client and RFC 2136 DNS updater
  • SNMP agent
  • traffic shaper
  • SVG-based traffic grapher
  • firmware upgrade through the web browser
  • Wake on LAN client
  • configuration backup/restore
  • host/network aliases
m0n0wall 1.34 released on 11/12/2012
There are ready-made binary images for embedded computers from Soekris Engineering and PC Engines, a CF/IDE HD image for most standard PCs (other embedded ones may work, too) with either keyboard/monitor or serial console, a CD-ROM (ISO) image for standard PCs, a VMware image, as well as a tarball of the root filesystem. Refer to the installation instructions for information on how to install these files on the various platforms.
Known issues:
  • WARNING: this version (any platform) no longer fits on 8 MB CF cards! (>= 16 MB required)
  • When upgrading from generic-pc 1.2x, you must install 1.3b7 first before you install this image. Other platforms are not affected.
Changes in this release:
  • Backported from beta branch:
    • Eliminate modifying GETs from webGUI pages.
      Note: the API pages exec_raw.php and uploadconfig.php now require different parameters than before. exec_raw.php now requires the cmd to be given in a POST, and both pages need a valid CSRF magic token, which can be obtained by issuing a GET first without any parameters (see example in exec_raw.php comment).
    • Make rule moving and deletion on shaper rules page work like for firewall rules.
    • Add csrf-magic for CSRF protection in webGUI.
    • Fix potential XSS in diag_ping.php and diag_traceroute.php.
  • Increase key size of auto-generated webGUI certificates to 2048 bits.
  • Update default webGUI certificate/key.
  • Remove domain name handling from dhclient-script and change ARP command not to use sed (not used/available in m0n0wall).
  • Change virtualHW version to 7 for VMware image to avoid errors in ESX 4.
Version: 1.34
Release date: 11/12/2012

