Hi Manuel, hi folks!
First let me say that I'm no real fan of the OO approach in general.
There *are* possible benefits in using it, when it comes to GUI
programming, but not all apps are standing to benefit from OO. I can
imagine some things in m0n0wall where OO is useful: interfaces, objects
of hosts, networks and rules for example. In my opinion, PHP is able to
give us enough functionality for this.
On Wednesday, 12.10.2005, 18:59 +0200, lola wrote:
> to be honest, i like m0n0wall because it uses php! it makes changes to
> m0n0wall or the gui simple and easy. i think this is a great feature. i
> wouldn't give that up.
There's almost nothing I can add to this opinion.
On Wednesday, 12.10.2005, 18:41 +0100, Peter Curran wrote:
> 3. Can I offer Python as a possibility? It is naturally OO (literally the
> whole thing is a bunch of objects). It compiles down to a .pyc bytecode ala
> java and is becoming well supported and used
Thanks for mentioning, Peter. If OO is a "must have" there's IMHO no
other language than python which gives us more flexibility. It's widely
used for web apps as it is for standalone programs. The availability to
precompile the code gives us small and fast programs. The language
itself was designed as true OO (do I hear Smalltalk anywhere ;-)).
Perl? The OO part is the same as in PHP: only added afterwards. No, if
someone says Perl, then we can stay with PHP.
Java? Convince me that it's not as slow and memory hungry as I know it
(especially on low end HW like our net4501).
C(++). Yes, for the backend (daemon part).
> In regards to an OS.
> I have been playing (a lot) with a linksys device called an NSLU2 and
> replacement software called OpenSLUG (www.openslug.org). This shows that you
> can make a mean and lean Linux, with a mature development environment from
> OpenEmbedded. Maybe Linux is the way to go (I can't believe I am saying
Linux (which I'm using for 13 years now) is surely one of the famous
OSes in our time. There is still a rumour that the network code isn't as
stable and fast as that of the BSDish ones, but that's nonsense and not
true anymore. Even the filtering language (netfilter) has become a
global player. It's really amazing what we can do with netfilter in
combination with iproute2. Another good point for linux is the embedded
part of the kernel, but please keep in mind: Actually we have images for
four platforms: wrap, net4801, net4501 and generic-pc (not mentioning the
cd image as fifth one); do we really want to support one for mips, one
for xscale, one for ...
Why I'm not voting for linux? See below:
> If you move from FreeBSD my vote would be for OpenBSD. There is a lot of
> clunky stuff in FreeBSD 4.x (like bridging) that may have been fixed in 6.x.
I'm not convinced by FreeBSD, either. FreeBSD5 was a showstopper and I
don't know how good FreeBSD6 is. Yes, pfsense is using it and Chris
surely can tell us more about it, so I'll stop with talking about
My vote goes to OpenBSD, too. Why?
* due to its emphasis on security, as Manuel said it.
It's not only built with security in mind, there are also a lot of
security related protocols like openssh which were actively pushed by
the OpenBSD team.
* the integration of pf and carp - pf is IMHO the best filtering
language around (if you don't mention netfilter ;-)), very similar to
ipfilter (since it's a further development of it), with a lot of
features, ipfilter4 should also bring us, but how stable would it be?
* carp/pfsync: this is the real highlight of OpenBSD and the real cause
for not choosing Linux/netfilter. A HA application for filtering, just
like we know it from the good old Nokia appliances running the very
expensive CP software. I can't imagine any better point for OpenBSD than
this one, having stateful HA interfaces.
Sure, both pf and carp are ported to FreeBSD as well, but nothing is
better than the original.
* OpenBSD IPsec implementation (isakmpd), giving us NAT-T, xauth (for
cisco vpn clients for example) and filterable (!) Interfaces (one of
the major points why I looked at OpenVPN in m0n0)
* Hardware encryption: supports not only the soekris cards but also
VIA C3 and the RNG of the Intel motherboards
* better bridging code: STP support and able to be filtered by pf
It convinces me in the integration of all these features. Not like
FreeBSD/ipfw/ipfilter, OpenBSD uses one filtering language, one IPSEC
implementation and integrates all those perfectly into the kernel,
supporting cryptographic functions and acceleration to all of them.
Thanks Manuel for developing m0n0wall. We'll do our best helping to make
it even better!!
Best regards, PIT
copyleft(c) by | "By golly, I'm beginning to think Linux really
Peter Allgeyer | _-_ *is* the best thing since sliced bread." (By
| 0(o_o)0 Vance Petree, Virginia Power)