I have an idea about splitting up the config.xml into parts like
system.xml, nat.xml dhcp.xml, rules.xml etc. You get the idea?
It would make it easier to use 3rd party tools to import an existing
ruleset from checkpoint or cisco or making new with Firewall Builder
(http://www.fwbuilder.org). Also it would be possible to mark some
configs as read-only (hardware rarly changes, but rulesets do...).
Another benefit would be the possibility to have for example two or
more rulesets on disk and an interface option to choose between them
without having to upload/download them from a pc.
Another thought: Adding an option to add comments to the configfiles
also makes m0n0wall act more like the other corporate firewalls I've
used before (cisco & checkpoint).
What do You think?
Fredrik Rudin | fredrik dot rudin at gmail dot com