[talk] m0n0wall project ending

Mark Saad mark.saad at ymail.com
Sun Feb 15 15:28:34 EST 2015


> On Feb 15, 2015, at 2:54 PM, Charles Sprickman <spork at bway.net> wrote:
> 
>> On Feb 15, 2015, at 2:44 PM, Okan Demirmen <okan at demirmen.com> wrote:
>> 
>>> On Sun, Feb 15, 2015 at 2:26 PM, Charles Sprickman <spork at bway.net> wrote:
>>>> On Feb 15, 2015, at 2:19 PM, Brian Callahan <bcallah at devio.us> wrote:
>>>> 
>>>> 
>>>>> On 02/15/15 14:16, Charles Sprickman wrote:
>>>>>> On Feb 15, 2015, at 11:13 AM, George Rosamond <george at ceetonetechnology.com> wrote:
>>>>>> 
>>>>>> Mark S. noted this:
>>>>>> 
>>>>>> http://m0n0.ch/wall/end_announcement.php
>>>>>> 


Back to m0n0 for a second. For a home router, m0n0 was appealing due to its minimal requirements and small install size. It works on 16m of storage and 16m of RAM.

pfSense added a ton of features and requirements; it always seemed so bloated compared to m0n0, but pf and newer FreeBSD as a base won out.

I would like to preserve the sources for m0n0 on our mirror. I think there is value in revising its tiny install size and minimal requirements.

If I had the time I would like to explore m0n0.


>>>>>> The end of m0n0wall…
>>>>> The most interesting thing I found there was this:
>>>>> 
>>>>> https://opnsense.org
>>>>> 
>>>>> Never heard of it until today. It is a pfsense fork…
>>>>> 
>>>>> I’ve had good luck with Dutch software so far (hi, PowerDNS, OpenVPN-NL), this should be interesting to watch.
>>>> 
>>>> BSD Now has had some coverage of OPNsense recently. I think they
>>>> interviewed one of the project members. Worth checking out if you have
>>>> some time.
>>> 
>>> I also should have included this:
>>> 
>>> https://wiki.opnsense.org/index.php/OPNsense:So_why_did_we_fork%3F
>>> 
>>> Seems like a bunch of valid points.  Ethically, I’d say if the company sponsoring this fork did contribute time and money to the pfsense project as they claim, then this is quite fair.
>>> 
>>> I do wonder why they would go to the trouble of rewriting the front end to not require php running as root yet continue to use php. :)

It has to do with the historic m0n0 base. They removed most of the shell scripts in favor of using PHP for CLI stuff.

>> 
>> Well, one of the biggest criticisms is the fact that one is
>> controlling a security device via a web interface, running an
>> application directly as root; basically webmin on the security device.
>> Web accessibility tends to be more important; odd for security device
>> management, but meh, ymmv.
>> 
>> Sure, use something other than php; that doesn't address the issue.
>> There's a reason why privilege separation has existed for umpteen
>> years - it's time to start using such a thing, no??
> 
> Well, the scary part is that pretty much every home router that runs
> Linux is running everything as root.  And meaningful security
> updates for $40 hardware?  Yeah, not going to happen too often.
> And it seems like some of the newer botnets are now leveraging home
> routers rather than PCs.  Such a pool of exploitable hardware that's
> rarely touched by its owners…
> 
> As for opnsense, to be clear, they are no longer running the web admin as root.
> 
> Also I was poking around, and the daemon that waits for commands from the web UI is python and not php.  Not sure how much better this is, but it’s likely not worse than pfsense:
> 
> https://github.com/opnsense/core/blob/master/src/opnsense/service/modules/processhandler.py
> 
> Charles

Mark Saad | mark.saad at ymail.com

