Mitch (WebCob) wrote:
> A module can become "official" once the developer is finished getting it to
> work, and provides a path for people to start testing, without burdening
> Manuel with the task... I've heard of people working on scripts and other
> systems to build new images from various modules, and once people are able
> to flash form their own sources, they will be able to build a firewall with
> exactly what they need and deploy with ease.
> Most systems that fail, fail because of bounded rationality - no one
> programmer can keep track of all the pieces, and bugs creap in. Keeping a
> lean system has always been a goal, and unless something is universally
> needed or incredibly small and TOTALLY secure, there are many who would
> The easier it is for people to customize, the more I agree with these
Without a real guideline for addons and modules its quite sure that some
addons will interfere with others.
The m0n0wall hacking guide is quite old, there are no specs a addon must
fullfill, etc. - so what do you expect?
At the moment some nice addons are in development (openvpn, snort eg.)
but there is no easy/secure way to install them in the base image of
m0n0wall - the mentioned patch-scripts are a hack and for FreeBSD 4.x as
vnconfig is obsolete :).
It's nice that some people make their customized images of m0n0wall
available for other - but thats not the best way i can think of
(prebuild images may be manipulated, etc.).
Many other firewall/router systems have a addon system for custom
modules (fli4l, ipcop) and some guidelines that have to be followed to
make a addon "official".
> It does not, in my humble opinion have to be an
> off-the-shelf-packaged-product that someone with NO real knowlege of
> networks or systems can push a button and install - that's what a $50 USD
> linksys or other is for.
Right. But: The work to implement nice features as mesh-routing or IPv6
for example is way too painfull at the moment. It's about 100 times
easier to set up a LinkSys WRT54G with a modefied OS for this use than
to use m0n0wall.
m0n0wall's approach to use PHP for almost everything makes it small and
healthy. But why has adding customisations to be such a pain?
I think people who HAVE the knowledge would enjoy more complex modules
which are easy to administer, too.
Sure thing - I'm one of the "'cause we can"-fraction too. BUT I DO
prefer "MozillaMail" over "mail" :)
And if you're reading the list you see that there are many ppl with real
beginner questions. Shall we send em to hell?
So - what about some rules how to implement/manage addons?
(Btw: I like the way Fli4L team handles this..)