On Thu, Dec 24, 2015 at 11:46:42PM +1100, Jookia wrote:
Now, I mentioned 'proper' firewall system above in quotes. I'm not going to do another rant, but rather focus on what I'd like to see on a firewall system: Integration with system routing. I'd like to focus on per-application rules rather than per-interface or per-port, and multiplexers to combine applications or interfaces. I'd also like to see applications that do routing too. My current rules are complex and involve giving applications (defined by port or user) access to interfaces based on interface and subnet.
A nice diagram that covers networking emotions: https://ipfs.pics/QmdQZ3NrrwWSqhzuUQeT6Qp8iW6Zy7RoPSnKqyiCDaYyj6
I think we have some similar networking goals; I've been taking a break on my main projects to try and port Cjdns, which is a mesh networking engine. Wireless links are the obvious transport medium, but almost all links are actually UDP tunnels over the internet as a practical matter, so what you get in effect is a giant VPN. Because the address allocation is distributed (a requirement for a mesh network) it could be a good mate to Genode because each application can get its own IP and you can maybe throw away port numbers and firewalls. The problem is the code base is more or less maintained by a single person, and the addresses are not routable back and forth to the arpanet, but you can create tunnels.
https://github.com/cjdelisle/cjdns I am over here http://fc00.org/#fcc4:c658:e905:393d:529f:5473:055f:4298
It may or may not work, but either way I'm porting libuv, which is a nice library for writing networked servers, so at least then we get a nice base to start writing simple things like DNS proxies. It's actually been quite satisfying to port because the low-level lwIP callback interface is so much simpler than POSIX sockets, especially when all you want to do is trigger a callback.
Cheers, Emery