Mark Castle wrote:
> I've not seen anyone mention it yet, but if we're talking major new
> features and new directions for m0n0wall, i wonder if it is not about
> time to look at working on m0n0wall as an ipv6 firewall? I realise that
> IPv6 simply isn't on the radar of most and probably won't be for a
> while, but it will be too long before it is. At my company we've had a
> native IPv6 network running for some months now, but have had to rely on
> manually configuring ip6fw rules... i wonder if someday we could see an
> "enable IPv6 filtering" checkbox along with a "mirror IPv6 rules into
> IPv6 firewall" checkbox. That would be absolutely fabulous :-) I
> suspect however, that it is a huge job for what will probably be
> perceived as very little gain at this time? I'd be more than happy to
> help out with it, but i'm not qualified to lead with it.
You are right IPv6 is something to really important if we like an
enterprise firewall, today more and more enterprises are beginning his
migration to IPv6 and have a robust platform like m0n0wall to support it
is a really good plus.
> I definitely like the idea of a C based core / daemon. If this happened
> i'm sure we'd start to see things like m0n0NAS and perhaps m0n0Router
> with OSPF, IS-IS and BGP daemons... it would be fantastic to be able to
> configure BGP using a m0n0wall style user interface. If nothing else
> though, i'd certainly like to see CARP support in m0n0wall itself.
I think some dynamic routing protocol is need in the base distribution.
for example, if you mix dynamic routing with IPSec tunnels you can
permit m0n0 inform to the routers in the internal net about a new tunnel
up, simplifying the network management.