The ONE thing I feel Monowall lacks is native SIP firewall rules and traffic shaping... lets face it, if we are big enough geeks to run our own firewall by sifting through the myriad of "junk comps" we have lying around to build a working Monowall, we are most likely big enough geeks that we are 100% on the VoIP train.
Currently Monowall Traffic shapes the "bad" by lowering priority on specific popular P2P ports etc, but it does not shape the "good" for others (SIP 5060
)
I know SIP is a big pain in the rear with the whole UDP 5060 and TCP 10000-20000 but there has to be SOMETHING that can be defaulted.
Look into the Fortigate implementation of this if you need ideas.. they did a good job of this on their products.
It is definitely easy enough to setup SIP NAT rules and traffic shaping rules yourself, but Monowall would not have such an intuitive interface and easy-to-use install process if it was only meant for those who could set-up a command line based FreeBSD firewall from scratch anyway...
Monowall is one of the best open source projects out there in my opinion as it delivers exactly what it promises... and all without being ridiculously pretentious or self-righteous. It is nice to see a long-running and successful OSS project that has remained "project-centric" without transforming into a zealous "community-centric" subculture.
Keep up the good job all involved... Monowall only gets better every day.
m0n0wall Forum > m0n0wall Support (English) > Feature Requests
Topic: SIP Awareness and Built-in SIP Traffic Shaping as Default