That is a nice little board there. However, it is $200. For $200 I can get an Atom based 2 port with case and power supply that will run SmallWall / m0n0wall / pfSense without modification. I know a guy that uses them to power hotels in the north east. For under $400, I can get a 4 port gigabit with Intel chips. So what is the benefit for supporting that TI kit?
That said, I am sure the price will come down. When it does, if there is demand, porting for that board can be done. But if another board comes out based on the exact same arm chip, the image for the first board will probably not run. This is why dd-wrt and tomato have so many images. Each system need a different image.
But if you want to port to that kit, I support you and will help any way I can.
What's the plan for software choice, if that's been established? Will it stay the same as m0n0wall with e.g. ipfilter instead of pf as like I said in the m0n0wall thread, ipfilter seems faster from my own testing.
Also, would it be possible to keep the traffic shaper from m0n0wall, or at least have it as an option?
As others have said, I don't think there's necessarily a lot to improve on m0n0wall feature-wise, though I agree OpenVPN support could be useful. I'm happy to see the focus for the project remains similar to m0n0wall in avoiding too many features, etc.
And lastly, another big thanks from me! I'm not sure what I could offer in terms of development but I have an APU1C as my active router and a 2D13 on standby along with a couple of standard PCs to test builds.
weust, I do not know. Honestly, I have not played with hyperV at all yet. But I will look into it. Of course, most of the tools (vmware tools as well) are totally not needed for SmallWall. You do not need to gently shut it down. You do not need to gracefully pass mouse movements or video output. All you really need are drivers for nic and chipset.
watercooled, I have no urge to make another copy of pfSense. As to specifics, some of that will be decide by the dev team as time goes on. Right now I seen no reason to go to pf, as it does have a performance impact. And I am a big fan of the m0n0wall traffic shaper, over the one in pfSense. But I suspect the limitations are related to the use of pf...
As for the changes I want to see, they are small things. VPN support. A tap for sniffing. Some updates to the GUI. But performance is first.
It's actually a good idea to consider first these two things in mind for now. Updating the site to a new design, I can help in that as well. If you want I can provide you Hosting space on my Server. But my concern is more about what will be done in SmallWall apart of the security patches ?
So, time to start breaking up this thread... There will be a website and GUI thread started in the Dev section. Some of y'all need to be there!
As for what is needed, money is way down on the list. I am amazed at how little I have spent so far... But people are needed. And contributions are not just coding... Artistry (Lord knows I am not good at it), support, web design, and so on... We need it all. But this thread is about the goals of the project. Vasiqmz hit the nail on the head when he asked "But my concern is more about what will be done in SmallWall apart of the security patches ?"
1) Security patches are first. Knowing that what we have now will still work in the future is needed for many to even consider adoption.
2) Driver updates, usually accomplished by moving to a later version of FreeBSD. This is a lot of work, but totally needed as new hardware comes out.
3) New features. It is last on the list, but it is on the list. And the last snapshot of m0n0wall had the first pass at some new VPN options... This will happen, but it will be a small part of the overall project. One of the best features of m0n0wall was it's stability. SmallWall needs to keep that feature.
I put a lot of work awhile back trying to update m0n0wall to FreeBSD 10 current. I was able to get the vast majority of files patched etc and updates to many of the ports working fine. I ran into some issues I'm sure others could have overcome. Anyways I foolishly got rid of everything I had accomplished when the repository showed that m0n0wall developers started FreeBSD 10 working build.
Looking forward we should be looking at migrating to FreeBSD 10 immediately. Keeping the 8build tree patched shouldn't be too difficult.
Yes! Update for FreeBSD 10 current. I would say that is a top 3 priority. Being able to run smallwall on newer hardware would be great and the fact it has already been done means it should be low hanging.
The newer hardware is so fast Sandy/Ivy Bridge and Haswell generation chipsets and Lan controllers would really allow high volume throughput with a dead simple firewall engine and interface
I think a great new feature is canned HA. Make it dead simple like pptp vpn. Just set up two smallwalls, and have the HA config do some floating IP version like hsrp/vrrp. Maintaining in fight connections through a failover I think could be punted on, if it made it too complicated for version 1. Just having a standby box take over and external and internal, etc floating IP in under a minute would be and awesome first rev.
I must say Lee that I am glad you took up the project from where Manuel left off. I have been a long time user of M0n0wall, it fit my needs perfectly for the longest time and was sad to see it go. I much prefer an affordable and compact embedded appliance and I am glad to see that I am not in the minority. There is however one or two features that I had hoped would eventually make it into M0n0wall and now am hopeful might be considered for SmallWall.
First: OpenVPN support.
Don't know how hard this would be to implement nor what kind of impact it would have on an embedded appliance. However, OpenVPN is looking very promising in terms of security and appears to be gaining support from many vendors.
Second: Dual WAN Support
The ability to combine two WAN connections to act as one and double throughput or configure a failover would be very useful in business environments.
I agree that those would be nice. But I have looked into them, and there are substantial complications. For OpenVPN, it would conflict with the other VPN services in may ways and would take substantial rewriting. That is why L2TP was implemented. It was just the much easier way to implement a modern VPN.
As for the Deal WAN, again that adds a lot of complications. Especially for non-dual wan users... Look at pfSense and the complexity involved with gateways. (Which only makes sense when you have Dual WAN, but is still complex with a single source.) Right now, I find it easier to stick SmallWall behind a cheap TP-Link load balancer. It works well, and you still have a rock solid and secure firewall behind the load balancing.
Now this is not to saw those things will not be done. But someone needs to address those problems first. If you have any ideas, I am all ears!
Hookup Women Utilizes Free of charge Matters? An Excellent Horizontal Reward!
Free of charge hookup ladies free best hookups on the web is the best solution if you're tired with going to night clubs and night clubs simply to be ignored, or perhaps more serious, laughed at. I know what it's like because I've been there. I used to be single and eager in the day time -- I essential a whole new lover -- having said that i continued attempting because I needed hardly any other selection. If you're one particular man who would like to hookup with sexy girls without going to those areas the location where the females are by itself, this post might just alter your lifestyle. It would make clear why online dating online is the greatest option if you're a male who may be shy to method an attractive woman inside a nightclub or membership.