 From:  Kris Maglione <bsdaemon at comcast dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Service supervision
 Date:  Mon, 12 Sep 2005 19:55:52 -0400
Originally pushed wrong reply button...

Chris Buechler wrote:

>On 9/11/05, Kris Maglione <bsdaemon at comcast dot net> wrote:
>
>>I'd like to see m0n0wall gain a service supervision scheme. The services
>>provided by a firewall are usually extremely important to a network, and when
>>they die, untold havoc can ensue. I may be exaggerating, but it doesn't make
>>it any more important. As it stands now, if a program (such as dhcpd or
>>dnsmasq) dies on a m0n0wall box, it goes unnoticed and ignored. At that point,
>>an administrator would have to either change and apply a setting related to
>>the dead service, or simply reboot the box. Neither option is ideal.
>
>I would agree, but I've never heard of any services on m0n0wall dying
>like that, on the list or in my experience.
>
I just read, on this list, about dhcpd dying. I've never had that
happen on m0n0wall, but I've had it happen before otherwise. I also
believe that I've had dnsmasq die on me in the past. I'm sure that I've
had OpenVPN die on me more than once.

>Not that I'm against it (I run daemontools on some servers myself, and
>have used runit in the past), I just think this would be attempting to
>solve a problem that doesn't exist.  "if it ain't broke, don't fix
>it."
>
I would generally agree, but in this case, I consider it broke. The user
is supposed to be able to ignore the internals of m0n0wall. If something
dies, he shouldn't have to know what's going on underneath the WebGUI to
fix it. Like I said, I've at least had OpenVPN and dhcpd die on me in
the past, and have read about others having the same experience. In my
opinion, the death of either of those services could be catastrophic.