Hi! I'm currently working on improving IPvX-over-GNUnet on OpenWrt. I believe that providing v4/v6/DNS exit service using an OpenWrt box is a quite good idea. On OpenWrt it doesn't make so much sense to mess around with routing, sysctl and iptables rules in the helpers as networking and firewall are managed by OpenWrt's services. The situation is also different from a desktop system because on an embedded device (think e.g.: IPvX-over-GNUnet router) the networking and firewall configuration corresponds to a specific use (think: tunneling all traffic through GNUnet) and do exactly that. To me it seems desirable to have an additional parameter (or even a compile-time configure argument!) for the dns- and exit-helpers to make them stay away from routing, sysctl and firewall stuff and just assume that an external service will handle all that once the interface comes up (because that's what netifd does on OpenWrt). Depending on your preference (additional cmdline parameter vs. compile-time), I'd like to introduce that option, so EXIT will be more useful to provide gateways to the ARPA internet in community mesh networks -- that's the main application for most of them and GNUnet could already offer a decentralized and more secure way to do that.
Cheers Daniel _______________________________________________ GNUnet-developers mailing list [email protected] https://lists.gnu.org/mailman/listinfo/gnunet-developers
