Download m0n0wall 1.33

The package m0n0wall is a firewall with extended possibilities. It is based on the FreeBSD 6.x operating system and can be set up entirely via a web interface. M0n0wall has support for 802.1Q vlan, nat/pat, ipsec/vpn tunnels and pptp-vpn. In addition, it can apply packet filtering and has a traffic shaper. The developers recently released m0n0wall 1.33 and provided the following list of changes:

m0n0wall 1.33 released

m0n0wall 1.33 adds a new image type for generic PCs with a serial console, further improves IPv6 support, includes a driver for newer Realtek network chipsets and contains various small changes and bug fixes.

Known issues:

• WARNING: this version (any platform) no longer fits on 8 MB CF cards! (>= 16 MB required)
• When upgrading from generic-pc 1.2x, you must install 1.3b7 first before you install this image. Other platforms are not affected.

Changes in this release:

• a new image type “generic-pc-serial” has been added; the only difference to generic-pc is that it always uses the serial console (on COM1 at whatever speed the BIOS set it to)
• added Realtek customized network chip driver to support additional chipsets
• updated ipfilter to 4.1.33
• inbound NAT rules can now be added on the LAN interface with the WAN address as a target; this helps with accessing servers on an optional interface from the LAN interface by using m0n0wall’s WAN IP address
• IPv6 improvements by Andrew White:
  • support for LAN IPv6 prefix assignment using DHCP-PD
  • added MTU option for RA
  • added AICCU to interface status page
  • added IPv6 support for syslog destination
  • added IPv6 support for Diagnostics: Firewall States
  • added error handling to interface status page for AICCU being down
  • fixed DHCPv6 server setup when target interface is configured in 6to4 mode (reported by Brian Lloyd)
• modified “disable port mapping” option so that it will actually avoid port mapping whenever possible, but fall back to port mapping if another mapping for the same port already exists (inspired by a patch submitted by Adam Swift)
• added support for user-customizable captive portal logout and status page, as well as a password change option for local CP users (contributed by Stephane Billiart)
• added ‘Bind to LAN’ option for syslog, so you can syslog over a VPN tunnel
• fixed dnswatch to deal with changed resolv.conf (for IPsec tunnels to dynamic endpoints)
• fixed various XSS vulnerabilities in webGUI
• added option on advanced setup page to defend against DNS rebinding attacks
• fixed extra slash in captive portal redirect
• added support for (manually updated) CRLs for IPsec VPN (contributed by Sebastian Lemke)
• prevent /ext directory from being listed through webGUI (reported by Bernd Strehhuber)
• fixed typo in system_do_extensions() that broke extensions support (reported by Bernd Strehhuber)
• added check for DHCP reservation entries for the same MAC address
• changed EDNS to 4096 from default of 1280 for dnsmasq, should help with DNSSEC
• don’t let missing DNS server information keep DHCPD from starting