Hybrid Design is a new idea of IRIS which combines all software functions in one unit, instead of having separate configurations for different units.

Current Status: Pre-Production Testing

Advantages:
- More flexible software configuration.
- Only one branch to maintain.
- Better understanding of the different systems in use.
- Using less hardware at a location.

Some downsides:
- The implementation is sometimes not so trivial to understand.

Extra goals:
- No manual configuration on the nodes anymore; all configuration flags are in Gformat.
- More robust setup (no full file:/var partitions anymore).
- Make better use of the available hardware (use the built-in standard daemons instead of the light versions).

Implementation details:
- A node can have services; these decide the role and the daemons to run.
- Firewall logic is stored in the pf firewall: file:/etc/pf.*.conf
- Routing table 0 reflects the main function of the machine (e.g. how clients use the machine).
- Routing table 1 is a shadow routing table with a default gateway pointing to the directly connected route.
- file:/tools/check-inet-alive enables or disables services to reflect the current state of the inet connection.
- Useless traffic is blocked/rejected as soon as possible.

Current Roles:
- service_proxy_ileiden = Outgoing NAT Router.
- service_proxy_normal = Outgoing HTTP Proxy.
- service_access_point = Access point with Captive Portal.
- service_incoming_rdr = Incoming NAT/RDR Router.

To-Be-Implemented Roles:
- service_openvpn_server = Incoming OpenVPN Server.
- service_openvpn_client = Outgoing OpenVPN Client.
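As an added illustration of the check-inet-alive idea (not the project's own script), the sketch below probes the uplink through the shadow routing table 1 and loads or flushes a pf anchor per role depending on the result. It assumes a FreeBSD-style setfib, that every role's rules live in /etc/pf.<role>.conf, and that the anchor is named after the role; which roles are uplink-dependent is also an assumption.

```sh
#!/bin/sh
# Hypothetical check-inet-alive logic for a hybrid node (illustration only).
# Assumption: these roles are useless without a working internet uplink,
# while an access point with captive portal can keep serving local clients.
INET_DEPENDENT_ROLES="service_proxy_ileiden service_proxy_normal service_incoming_rdr"

# probe_inet HOST... -> 0 if any host answers a ping sent via routing table 1,
# the shadow table whose default gateway is the directly connected uplink.
probe_inet() {
  for host in "$@"; do
    setfib 1 ping -c 1 -W 2 "$host" >/dev/null 2>&1 && return 0
  done
  return 1
}

# services_to_enable STATE ROLE... -> prints, one per line, the roles that
# should be active when the uplink is in STATE ("up" or "down").
services_to_enable() {
  state=$1; shift
  for role in "$@"; do
    case " $INET_DEPENDENT_ROLES " in
      *" $role "*) [ "$state" = up ] && printf '%s\n' "$role" ;;
      *) printf '%s\n' "$role" ;;
    esac
  done
  return 0
}

# apply_state STATE ROLE... -> load each active role's pf rules into its own
# anchor, and flush the anchor of every role that must stay off.
apply_state() {
  state=$1; shift
  for role in "$@"; do
    if services_to_enable "$state" "$role" | grep -q .; then
      pfctl -a "$role" -f "/etc/pf.$role.conf"   # assumed per-role rule file
    else
      pfctl -a "$role" -F rules                   # drop the role's rules
    fi
  done
}

# Typical invocation (probe hosts are placeholders):
# if probe_inet PROBE_HOST_1 PROBE_HOST_2; then state=up; else state=down; fi
# apply_state "$state" service_proxy_ileiden service_access_point
```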