1.2. What SmallWall is not...

SmallWall is a firewall, and the purpose of a firewall is to provide security. The more functionality is added, the greater the chance that a vulnerability in that additional functionality will compromise the security of the firewall. During the recent news of massive vulnerabilities that swept the Internet (Heartbleed, Shellshocked...) m0n0wall stood immune. In the case of Heartbleed, it was because it used a version "too old" to be effected, and in the case of ShellShocked, it was because it had no shell!

It was the opinion of the m0n0wall founder and is still the opinion of the SmallWall core contributors that anything outside the base services of a layer 3 and 4 firewall do not belong in SmallWall. Some services that may be appropriate are very CPU-intensive and memory hungry, and SmallWall is focused towards embedded devices with limited CPU and memory resources. Also, from a security standpoint, it makes sense to separate some functions and load to other hardware. SmallWall is designed to integrate with this type of separate hardware.

We feel these services should be run on another server, and are intentionally not part of SmallWall:

For the same reason, SmallWall does not allow console logins: there is no login prompt at the console (it displays a menu instead), and there is no telnet or ssh daemon.