On 10/13/05, Manuel Kasper <mk at neon1 dot net> wrote:
> So it looks like my idea of a central "core" daemon isn't going to

I think this is a very good idea for the reasons you mentioned, and
also in that it allows features that otherwise can't be done. Like
time-based firewall rules, this daemon could make these adjustments
(though I hear this is supposed to be supported in pf at some point in
the future, it currently isn't). I have no doubt there are a number
of other great possibilities along these same lines that just can't be
accomplished without something of this nature. Maybe multiple WAN
interfaces with failover support, where this daemon could poll
something (maybe ping something, or watch interface status, or
something of that nature, maybe user-definable) and fail over to
another WAN connection.

Problem is, if it's going to run all the time, it's going to have to
be lightweight enough that it doesn't tie up significant resources,
especially CPU. Again, with the limited resources we're working with, we
really have to watch this. So, IMO, interpreted languages like PHP,
Perl, etc. are almost certainly out of the question because of the
performance hit. C would be better suited for something like this,
but also no doubt much more difficult and time-consuming to write, and
with far fewer potential contributors.

I don't think this idea should be discounted so quickly, as it appears
to have great potential.