Manuel Kasper wrote:
>Dear m0n0wall enthusiasts,
>now that m0n0wall 1.2 is out and all (well, most) of the changes
>since 1.11 are conserved in a (hopefully) stable release, we can
>discuss what is going to become of m0n0wall in the future.
I've read all that has been posted so far; hopefully i'm not too late to
this discussion :-)
>For the web interface, I still think PHP is a good choice. We'd just
>need a standards based interface between the core and the webGUI.
I'd agree with SOAP, or XMLRPC.
>It'll most likely have to be a Unix-style operating
Personally i'd prefer to see FreeBSD 6.0 as the base platform. FreeBSD
hasn't let us down yet, it's been a very very stable platform for
m0n0wall. One of the things that drew us to m0n0wall in the first place
was because it was FreeBSD based, rather than Linux. If the underlying
platform is changed at this (late?) stage, i'll suspect that there will
be some quite significant resources diverted to FreeBSD based branches
that may dilute a lot of the momentum that the project is gaining.
>One thing that is very important to me is that m0n0wall remains (at
>least) as clean and easy to configure as it is today. Users should
>not have to deal with or need to understand the underlying operating
>system (except where it's inevitable, like when assigning interfaces
Absolutely. IMHO the user interface of m0n0wall is one of its greatest
strengths. I've never come across such a elegant and easy to use user
interface for a firewall, it's leaps and bounds ahead of anything else
i've come across. Personally i'd prefer to see the interface design
remain completely under the control of the UI master himself Manuel;
it's a rare talent that can bring such interfaces to a project. A UI is
all too easy to ruin by adding DHTML, fancy graphics all over the place,
convoluted wizards etc.... which is what worries me about going down the
AJAX route. Certainly if done properly it can make the user experience
better, but to be honest i don't think m0n0wall really needs it. I can
certainly think of other areas that i'd nominate as being more important.
>Finally, something needs to be done about the development style as
>well. So far, I've coordinated all changes to m0n0wall and analyzed
>and tested most contributed patches. While I think this has resulted
>in a relatively high code quality, I'd like other talented people to
>get more involvement. Volunteers, step forward! One of the ways to
>enable this will be a common version control system for the code -
>either CVS or SVN.
I propose that we clone a few Manuel Kaspers. Seriously though,
whatever happens, i for one would prefer to see Manuel remain in
ultimate control so that we don't see bloat, feature creep, poor IU
I've not seen anyone mention it yet, but if we're talking major new
features and new directions for m0n0wall, i wonder if it is not about
time to look at working on m0n0wall as an ipv6 firewall? I realise that
IPv6 simply isn't on the radar of most and probably won't be for a
while, but it will be too long before it is. At my company we've had a
native IPv6 network running for some months now, but have had to rely on
manually configuring ip6fw rules... i wonder if someday we could see an
"enable IPv6 filtering" checkbox along with a "mirror IPv6 rules into
IPv6 firewall" checkbox. That would be absolutely fabulous :-) I
suspect however, that it is a huge job for what will probably be
perceived as very little gain at this time? I'd be more than happy to
help out with it, but i'm not qualified to lead with it.
I definitely like the idea of a C based core / daemon. If this happened
i'm sure we'd start to see things like m0n0NAS and perhaps m0n0Router
with OSPF, IS-IS and BGP daemons... it would be fantastic to be able to
configure BGP using a m0n0wall style user interface. If nothing else
though, i'd certainly like to see CARP support in m0n0wall itself.
>m0n0wall forever! ;)
Cheers - Mark
Secura Hosting Ltd
>To unsubscribe, e-mail: m0n0wall dash dev dash unsubscribe at lists dot m0n0 dot ch
>For additional commands, e-mail: m0n0wall dash dev dash help at lists dot m0n0 dot ch