 From:  Mark Castle <m0n0wall dash dev at markcastle dot com>
 To:  m0n0wall dash dev at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall-dev] The future
 Date:  Tue, 18 Oct 2005 20:06:43 +0100
Hi all,

Manuel Kasper wrote:

>Dear m0n0wall enthusiasts,
>now that m0n0wall 1.2 is out and all (well, most) of the changes
>since 1.11 are conserved in a (hopefully) stable release, we can
>discuss what is going to become of m0n0wall in the future.
I've read all that has been posted so far; hopefully I'm not too late to
this discussion :-)

>For the web interface, I still think PHP is a good choice. We'd just
>need a standards based interface between the core and the webGUI.
I'd agree with SOAP, or XMLRPC.

>It'll most likely have to be a Unix-style operating
Personally I'd prefer to see FreeBSD 6.0 as the base platform.  FreeBSD
hasn't let us down yet, it's been a very very stable platform for
m0n0wall. One of the things that drew us to m0n0wall in the first place
was because it was FreeBSD based, rather than Linux.  If the underlying
platform is changed at this (late?) stage, I'll suspect that there will
be some quite significant resources diverted to FreeBSD based branches
that may dilute a lot of the momentum that the project is gaining.

>One thing that is very important to me is that m0n0wall remains (at
>least) as clean and easy to configure as it is today. Users should
>not have to deal with or need to understand the underlying operating
>system (except where it's inevitable, like when assigning interfaces
>or debugging).
Absolutely.  IMHO the user interface of m0n0wall is one of its greatest
strengths.  I've never come across such an elegant and easy to use user
interface for a firewall, it's leaps and bounds ahead of anything else
I've come across.  Personally I'd prefer to see the interface design
remain completely under the control of the UI master himself Manuel;
it's a rare talent that can bring such interfaces to a project.  A UI is
all too easy to ruin by adding DHTML, fancy graphics all over the place,
convoluted wizards etc.... which is what worries me about going down the
AJAX route.  Certainly if done properly it can make the user experience
better, but to be honest I don't think m0n0wall really needs it.  I can
certainly think of other areas that I'd nominate as being more important.

>Finally, something needs to be done about the development style as
>well. So far, I've coordinated all changes to m0n0wall and analyzed
>and tested most contributed patches. While I think this has resulted
>in a relatively high code quality, I'd like other talented people to
>get more involvement. Volunteers, step forward! One of the ways to
>enable this will be a common version control system for the code -
>either CVS or SVN.
I propose that we clone a few Manuel Kaspers.  Seriously though,
whatever happens, I for one would prefer to see Manuel remain in
ultimate control so that we don't see bloat, feature creep, poor UI
design etc.

I've not seen anyone mention it yet, but if we're talking major new
features and new directions for m0n0wall, I wonder if it is not about
time to look at working on m0n0wall as an IPv6 firewall?  I realise that
IPv6 simply isn't on the radar of most and probably won't be for a
while, but it will be too long before it is.  At my company we've had a
native IPv6 network running for some months now, but have had to rely on
manually configuring ip6fw rules... I wonder if someday we could see an
"enable IPv6 filtering" checkbox along with a "mirror IPv6 rules into
IPv6 firewall" checkbox.  That would be absolutely fabulous :-)  I
suspect however, that it is a huge job for what will probably be
perceived as very little gain at this time?  I'd be more than happy to
help out with it, but I'm not qualified to lead with it.

I definitely like the idea of a C based core / daemon.  If this happened
I'm sure we'd start to see things like m0n0NAS and perhaps m0n0Router
with OSPF, IS-IS and BGP daemons... it would be fantastic to be able to
configure BGP using a m0n0wall style user interface.  If nothing else
though, I'd certainly like to see CARP support in m0n0wall itself.

>m0n0wall forever! ;)
Absolutely :-)

Cheers - Mark
Secura Hosting Ltd

>- Manuel