Software update: m0n0wall 1.3b18

The package m0n0wall is a firewall with extended possibilities. It is based on the Freebsd 6.x operating system and can be set up entirely via a web interface. M0n0wall has support for 802.1Q vlan, nat/pat, ipsec/vpn tunnels and pptp-vpn. In addition, it can apply packet filtering and has a traffic shaper. The developers have already released the eighteenth beta version of m0n0wall 1.3, and the list of changes since the previous entry in the Meuktracker looks like this:

Version 1.3b18:

WARNING: this version (any platform) no longer fits on 8 MB CF cards! (>= 16 MB required)
When upgrading from generic-pc 1.2x, you must install 1.3b7 first before you install this image. Other platforms are not affected.

  • fixed broken IPsec support (missing library)

Version 1.3b17:

  • Converted from BRIDGE to if_bridge. Removed multi-interface bridge check, and checkbox under System > Advanced for filtering bridge since member interfaces will now always be filtered
  • fixed a problem with ipnat refusing to create new RDR translation entries in the NAT table if a MAP entry exists for the same port, even though that check is probably only meant to check for existing RDR entries. This fixes issues with SIP communication when there is an inbound NAT mapping for port 5060. (see also
  • fixed problems when using advanced outbound NAT rules with destination matching (non-FTP connections were processed by the ipnat FTP proxy, leading to slowness, lost connections, rogue ICMP host unreachable messages etc. because ipfilter requires an additional match statement on the destination port when using proxy)
  • fixed DHCP lease page to only show the last lease for a given IP address (see dhcpd.leases(5))
  • fixed for IPv6 pages in user/group manager
  • show IPv4 gateway on Status: Interfaces page (was removed inadvertently)
  • fixed bug with IPv6 subnets in firewall rules
  • added device msk to kernel configuration
  • updated base system to FreeBSD 6.4
  • avoided PEAR dependency and fixed DHCPv6 range check when interface is not configured with a v6 address
  • put logging back in for anti-spoof block rule

Version number 1.3b18
Release status beta
Operating systems BSD
Website m0n0wall
License type Conditions (GNU/BSD/etc.)