In the original experiments, we created wrapper scripts which spoke to the PANE server. SSHGuard then had a simple firewall backend which just called those wrapper scripts.
A self-contained design would introduce a firewall backend which speaks to the PANE server natively (for example, the hosts file and ipfw backends are specialized like this). However, this design would require a fair bit of C programming (do we want a library for this anyway?) and would be more brittle, as SSHGuard's firewall backends are currently configured at compile time (!).