Quote:
I believe that all (?) of the features on your wish list are available on the Linksys AP/Routers when used with SveaSoft firmware. And possibly with other firmwares, like perhaps OpenWRT.

Cheers


Yeah, I gave up on the whole web gui thing. I'm running OpenWRT on my WRT54G to great effect - the thing has a built in VLAN switch, so I have my WLAN, internal LAN, DMZ network and internet all on separate VLANs. I'll likely trunk one of the remaining 2 ports to feed an IDS. Setting this configuration up wasn't trivial though - all the commands were programmed manually into the nvram. The great thing is that I know that they won't get screwed up because of some accidental mouse click in a gui though.

Not being one to leave any hardware alone if it is at all hackable, I did the sd card mod, so I now have a (previously spare) 64MB sd card for holding stuff on, instead of the paltry 4MB flash. (Actually, I've been wondering whether the hack is suitable for the empeg too..)

As for firewalling, I'm using fwbuilder, which is a _great_ tool. fwbuilder allows you to build policies on a remote machine, and then compile and push them over ssh to the firewall itself. It supports multiple firewalls driven from the same policy file so you can define network addresses and custom services in one place and use them in multiple firewalls. The GUI is powerful and object based - you can define rules based upon groups of objects (hosts, networks, services etc.) and then when you modify the group membership the rules automatically take account of the change. It will compile rulesets for a variety of firewall technologies (ipchains, ipfilters, ipfw, iptables, pf, pix) and target the resulting scripts to a variety of OSs (e.g. Linux, MacOS, FreeBSD, OpenBSD etc.), so if I want to change hardware somewhere down the line, I won't have to rewrite my ruleset from scratch like I did last time.

It's hands-down the best GPLed tool I've seen for generating firewall rulesets, and compares well to many commercial offerings too. The GUI design is very similar to Checkpoint, which remains a favorite in the commercial world.
_________________________
Mk2a 60GB Blue. Serial 030102962 sig.mp3: File Format not Valid.