There have been a lot of interesting comments and mixed opinions,
which is what I was hoping for. Thanks for participating in this
discussion so far! Now - I've read all of the 70 posts to the "The
future" thread, and rather than replying to each message
individually, I'm trying to summarize what is going on so that we'll
all talk about the same thing and not get stuck in details (yet).
I have proposed to turn the part of m0n0wall that handles the actual
configuration of the system (which is now the boot scripts that are
called by the webGUI whenever necessary) into a daemon that manages
all aspects of the system's configuration, with the webGUI being only
a client to that daemon. Because unfortunately PHP does not lend
itself well to use as a multi-threaded daemon with network server
support (which, the way I see it, would be necessary), I have
proposed to use another language for the task. It was never proposed
to use anything else but PHP for the webGUI.
This has generated an outcry - many developers and even users don't
want to see m0n0wall using anything else but PHP. A few possible
candidates for the daemon were mentioned (Python, Ruby, Perl, ...),
but apparently most people would rather see things stay the way they
So it looks like my idea of a central "core" daemon isn't going to
work, and I ask you: how else could we improve the current state of
m0n0wall's architecture to make it more modular and maintainable (in
that new features don't require lots of changes everywhere) while
still using only PHP? Or could you think of a way to get that "core"
in PHP? Maybe there's an easy way that I haven't thought of. Maybe
we'll have to build a prototype or two to try a new architecture and
see if it works. SOAP has been mentioned a couple of times for the
interaction between the webGUI and the core, and that was my first
thought as well. In any case, something needs to be done if we want
to keep m0n0wall clean, efficient and stable - we can't just keep
hacking on it until it's a complete mess. I'm very eager to hear your
About the operating system - seems like opinions diverge largely on
this topic. Some think OpenBSD is the way to go, others claim that
FreeBSD 6 would be a better choice (hardware/wireless support,
performance), there are some DragonFly advocates, some think highly
of netfilter/iptables and others consider it crap compared to pf.
This is going to be a difficult question, and I'd appreciate if
someone (Chris? ;) could put together some kind of feature matrix so
that all the advantages and disadvantages are clear and can be
weighed up. Perhaps one of the survey's questions could be "Which OS
would you like m0n0wall to use in the future?" - see if we can spot a
Another question, related to the operating system question, is what
the future minimum hardware requirements to run m0n0wall should be.
At the moment, we assume at least 64 MB of RAM, and I don't think we
should increase that minimum amount due to the large number of
embedded systems that don't come with more and can't be upgraded.
However, I see no problem with requiring larger CF cards, now that
you almost can't buy anything smaller than 64 MB. However, if we
continue using the MFS approach, we're still limited by available
RAM. We might also consider ditching MFS when we switch to another
operating system (or a newer version of FreeBSD). Of course, how to
handle firmware upgrades like that is something we'd still have to
As far as the near future is concerned - 1.2 will of course continue
to be maintained, but only for bug fixes and minor improvements. I
don't think it'll make sense to spend much time rewriting the OpenVPN
support to integrate cleanly when the architecture is going to change
to make it easier anyway. The captive portal improvements are another
story, of course.
Finally, about the upcoming survey: I've started a collection of
questions that we could ask on
<http://wiki.m0n0.ch/wikka.php?wakka=SurveyQuestions> (in blatant
abuse of the documentation wiki - please forgive me, Chris). Please
add any questions that you think could produce valuable feedback to
Once again - thanks everybody for your input!