Ok, here are my 2 cents...
I totally agree with Manuel regarding a common platform like Subversion.
There are enough skilled people out there to contribute.
I think a few things are becoming a must:
- a core with some sort of API (could be SOAP) handling the "core functions"
- modules for the "nice to have" features
- GUI
- Strict guidelines on API interfacing and programming
I'm thinking about a core-development team managing the core releases
and "the rest" building modules.
If the coding rules are strict enough you can pretty easily integrate
a module into the core or vice versa.
The modular way would allow the "conservative guys" to keep up with a
sleek and easy m0n0wall, and all those who like pot-firewalls with
integrated print-servers, IDS/IPS, Bluetooth, ... are well served with
the modules.
Regarding the OS, well, I'm a Linux guy but of all the BSD derivatives
OpenBSD is the one for me.
It has clear code, it is more conservative, and finally it is rock-stable.
For the filter PF would be my choice because of the features.
For the logic and human interface my hint is to clearly use objects:
network-object + service-object = rule
or even better
net-group-object + service-group-object = rule
best regards
------------------------------------------------------------------
Daniele Guazzoni
Senior Network Engineer, CCNA, CCNP
Ackersteinstrasse 203
CH-8049 Zurich
------------------------------------------------------------------
"Destiny is not a matter of chance, it is a matter of choice;
it is not a thing to be waited for, it is a thing to be achieved."
William Jennings Bryan
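
The "net-group-object + service-group-object = rule" idea from the message above, sketched as an added example that is not part of the original post or of m0n0wall: group objects are validated and compiled into PF table and rule lines. The class names, the compile_rule helper and the sample addresses are assumptions made for illustration.

```python
import ipaddress
import re
from dataclasses import dataclass

NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9_]*")  # conservative: no quoting, no whitespace

@dataclass(frozen=True)
class Service:
    proto: str  # "tcp" or "udp"
    port: int

@dataclass(frozen=True)
class NetGroup:
    name: str
    networks: tuple  # CIDR strings

@dataclass(frozen=True)
class ServiceGroup:
    name: str
    services: tuple  # Service objects

def compile_rule(src, dst, svc_group, action="pass"):
    """Compile net-group + service-group objects into pf.conf lines; reject bad input."""
    if action not in ("pass", "block"):
        raise ValueError(f"unsupported action: {action!r}")
    if not svc_group.services:
        raise ValueError(f"service group {svc_group.name!r} is empty")
    lines = []
    for grp in (src, dst):
        # Names end up inside the config text, so refuse anything that could break out.
        if not NAME_RE.fullmatch(grp.name):
            raise ValueError(f"unsafe group name: {grp.name!r}")
        if not grp.networks:
            raise ValueError(f"net group {grp.name!r} is empty")
        # Strict parsing rejects typos such as host bits set in a network address.
        nets = [str(ipaddress.ip_network(n)) for n in grp.networks]
        lines.append(f"table <{grp.name}> const {{ {', '.join(nets)} }}")
    ports_by_proto = {}
    for svc in svc_group.services:
        if svc.proto not in ("tcp", "udp") or not 0 < svc.port < 65536:
            raise ValueError(f"invalid service: {svc!r}")
        ports_by_proto.setdefault(svc.proto, set()).add(svc.port)
    for proto in sorted(ports_by_proto):  # one PF rule per protocol
        ports = " ".join(str(p) for p in sorted(ports_by_proto[proto]))
        lines.append(f"{action} in quick proto {proto} "
                     f"from <{src.name}> to <{dst.name}> port {{ {ports} }}")
    return lines

# Constructed sample objects (not taken from any real configuration).
LAN = NetGroup("lan_nets", ("192.168.1.0/24", "192.168.2.0/24"))
DMZ = NetGroup("dmz_web", ("10.0.0.0/28",))
WEB = ServiceGroup("web", (Service("tcp", 443), Service("tcp", 80), Service("udp", 53)))
```

Calling compile_rule(LAN, DMZ, WEB) returns two table definitions followed by one rule per protocol, so a GUI or module only ever handles the objects and never writes filter syntax directly.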