emery at ...261...
Thu Dec 24 15:22:44 CET 2015
On Thu, Dec 24, 2015 at 11:46:42PM +1100, Jookia wrote:
> Now, I mentioned 'proper' firewall system above in quotes. I'm not going to do
> another rant, but rather focus on what I'd like to see on a firewall system:
> Integration with system routing. I'd like to focus on per-application rules
> rather than per-interface or per-port, and multiplexers to combine applications
> or interfaces. I'd also like to see applications that do routing too. My current
> rules are complex and involve giving applications (defined by port or user)
> access to interfaces based on interface and subnet.
A nice diagram that covers networking emotions:
I think we have some similar networking goals. I've been taking a break on my main
projects to try and port Cjdns, which is a mesh networking engine. Wireless links are the
obvious transport medium, but almost all links are actually UDP tunnels over the
internet as a practical matter, so what you get in effect is a giant VPN. Because the
address allocation is distributed (a requirement for a mesh network) it could be a good
mate to Genode because each application can get its own IP and you can maybe throw away
port numbers and firewalls. The problem is the code base is more or less maintained by
a single person, and the addresses are not routable back and forth to the arpanet, but you
can create tunnels.
I am over here http://fc00.org/#fcc4:c658:e905:393d:529f:5473:055f:4298
It may or may not work, but either way I'm porting libuv, which is a nice library for
writing networked servers, so at least then we get a nice base to start writing
simple things like DNS proxies. It's actually been quite satisfying to port because the
low-level lwIP callback interface is so much simpler than POSIX sockets, especially
when all you want to do is trigger a callback.