[ previous ] [ next ] [ threads ]
 
 From:  Chris Buechler <cbuechler at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Service supervision
 Date:  Sun, 11 Sep 2005 22:12:11 -0400
On 9/11/05, Kris Maglione <bsdaemon at comcast dot net> wrote:
> I'd like to see m0n0wall gain a service supervision scheme. The services
> provided by a firewall are usually extremely important to a network, and when
> they die, untold havoc can ensue. I may be exaggerating, but it doesn't make
> it any more important. As it stands now, if a program (such as dhcpd or
> dnsmasq) dies on a m0n0wall box, it goes unnoticed and ignored. At that point,
> an administrator would have to either change and apply a setting related to
> the dead service, or simply reboot the box. Neither option is ideal.
> 

I would agree, but I've never heard of any services on m0n0wall dying
like that, on the list or in my experience.  I have a bunch of
production boxes, and the only time they ever get restarted is for
upgrades or power failure (or touched, for that matter).  racoon
occasionally, but not because it dies, because sometimes it gets
"stupid" and needs a kick to reneg its SA's.  :)

Not that I'm against it (I run daemontools on some servers myself, and
have used runit in the past), I just think this would be attempting to
solve a problem that doesn't exist.  "if it ain't broke, don't fix
it."

-Chris