I had a thought last night, which I wonder if anyone is considering.

 

I am not sure if you would be willing to try to implement something like this, but I was considering magic packets. Consider Wake-on-LAN: for all purposes the system is "dead", but upon a specially formulated packet, the system receives the command to wake up. Now, I am not considering having the Citadel system turned off, but considering having a port be "dead" unless it receives a specially formulated packet which is comprised of a one-way secret, with each system setting what the special word, phrase, etc. would be to "wake" it up. The port would be awake until receiving a second magic packet, which would cause it to "die" again.

 

I could get into more details if I need to, but is anyone interested in something like this? It would be fairly simple if we implemented a basic type of firewall processing in Citadel, which just matches a simple set of rules and is only looking for one thing and drops all else until the packet comes, sets the flag, and then opens the port. Once the second packet comes to close it, the flag changes back and it is back to searching for only that one packet.

 

This would solve my problem, and I think it could enable you to make the changes you want to make, while still selectively allowing for Citadel to be able to open up communication with each other, but not have to be always on, or such.

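A sketch of the open/close flag described in this message, added here as an illustration; it is not part of the original post and not Citadel code. The `MagicPortGate` class, the `MAGIC` prefix, the packet layout and the sample phrase are all assumptions.

```python
import hashlib
import hmac
import os

MAGIC = b"\xff" * 6  # constructed marker (assumption), like Wake-on-LAN sync bytes
ITERATIONS = 100_000


class MagicPortGate:
    """Tracks one port's open/closed flag; hypothetical, not Citadel code."""

    def __init__(self, phrase: bytes):
        # Keep only a salted one-way digest, so a stolen config does not
        # reveal the phrase that toggles the port.
        self.salt = os.urandom(16)
        self.digest = self._derive(phrase)
        self.is_open = False

    def _derive(self, phrase: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", phrase, self.salt, ITERATIONS)

    def _is_magic(self, packet: bytes) -> bool:
        if not packet.startswith(MAGIC) or len(packet) > 256:
            return False  # cheap reject before the expensive derivation
        candidate = self._derive(packet[len(MAGIC):])
        return hmac.compare_digest(candidate, self.digest)  # constant time

    def handle(self, packet: bytes) -> str:
        """Return 'toggle', 'pass' or 'drop' for one incoming packet."""
        if self._is_magic(packet):
            self.is_open = not self.is_open  # first packet opens, second closes
            return "toggle"
        return "pass" if self.is_open else "drop"


def demo() -> list:
    gate = MagicPortGate(b"constructed wake phrase")
    packets = [  # constructed sample traffic
        b"HELO example",                      # closed: dropped
        MAGIC + b"wrong phrase",              # bad secret: dropped
        MAGIC + b"constructed wake phrase",   # opens the port
        b"HELO example",                      # open: passed to the service
        MAGIC + b"constructed wake phrase",   # closes the port again
        b"HELO example",                      # closed again: dropped
    ]
    return [gate.handle(p) for p in packets]
```

Because the same packet both opens and closes the port, anyone who can observe it on the wire can replay it. Mixing a per-use counter or timestamp into the derived value is the usual way to make each packet single-use.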