End of the m0n0wall project and alternatives

So what's m0n0wall?

m0n0wall is a project aimed at creating a complete, embedded firewall software package that, when used together with an embedded PC, provides all the important features of commercial firewall boxes (including ease of use) at a fraction of the price (free software).

m0n0wall is based on a bare-bones version of FreeBSD, along with a web server, PHP and a few other utilities. The entire system configuration is stored in one single XML text file to keep things transparent.

m0n0wall is probably the first UNIX system that has its boot-time configuration done with PHP, rather than the usual shell scripts, and that has the entire system configuration stored in XML format.
Unfortunately,  on 2/15/2015 - End of the m0n0wall project was announced with official reason "there are now better solutions available and under active development".
So where to move now?

As m0n0wall maintainer suggested, people have 2 options, depending on what they need:
  • the same light firewall
  • don't mind more robust solution  
Let's start with people who don't mind migrating to more robust solution "like pfSense, FreeNAS and AskoziaPBX. The newest offspring, OPNsense ... and I encourage all current m0n0wall users to check out OPNsense and contribute...".

"If you are happy with the current feature set of m0n0wall and just need a security patch, bug fix, hardware compatibility update or minor improvement now and then, there are two nascent projects started by former m0n0wall developers/users that may have something for you: SmallWall and t1n1wall."

So what are those projects and what they wanna do?


According to forum, at the moment, the only list of plans is to:
  1. Fix the ipsec bug when l2tp is enabled
  2. Fix an outstanding RA announce problem that fills logs
  3. Add support for ippools
  4. Possibly update DDNS to support NAT and Cloudflare

As author says: "I don't have any plans to change from what m0n0wall was, stay using a RAM based disk system, and keep it small.  I hope to keep it up to date, squash bugs and apply security fixes, and hopefully get the 10.1 version completed , so it supports more hardware."

You can get snapshots at: http://sourceforge.net/projects/t1n1wall/files/snapshots/


Project philosophy according to website
  • Small, lean and elegant code - There is no need for bloat
  • Do one thing, and do it well - This is a security device, not a print server
  • Simple is good - Doing things the right way should be easy
  • Form Follows Function - I like pretty, but not at the expense of performance

"But this is not going to be m0n0wall unchanged. There are some things that I would like to see changed.
  • Re-basing to support newer hardware
  • Adding newer VPN support
  • More attractive UI
  • Easier integration with IDS/SEM systems"
 You may download it http://smallwall.org/download.html.

So, what is your escape plan?

Jan Hovancik

software developer - guitar player - poetry lover