 From:  "Tonix (Antonio Nati)" <tonix at interazioni dot it>
 To:  m0n0wall dash dev at lists dot m0n0 dot ch
 Subject:  Redesigning m0n0wall filter rules
 Date:  Tue, 05 Feb 2008 12:36:28 +0100
We are thinking about how to extend/improve the m0n0wall rules architecture.
After intense work with rules, we finally realized we need
something the current m0n0wall architecture cannot satisfy.

Given our environment, with dozens of reserved VLANs and a few server
VLANs, the current m0n0wall behaviour of applying rules to "incoming"
interfaces forces us to apply the same rules to dozens of VLANs, while rules
eventually applied to "outgoing" interfaces could be a lot easier to

Planning to put our hands in the code, we are thinking of adding a system flag
(enable rules on output interfaces) and changing rules to outgoing
interfaces if that flag is enabled.

Obviously it would be better to have rules working both on "incoming
interfaces" and "outgoing interfaces", but it does not look easy to do
with ipfilter.

Thanks for any comment/hint.


        Inter@zioni            Interazioni di Antonio Nati 
   http://www.interazioni.it      tonix at interazioni dot it
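As an added illustration, not part of the original mail, this is the shape of the repetition the post describes in ipfilter rule syntax: the same allow rule restated on the incoming side of every reserved VLAN, against one rule on the outgoing side of the server VLAN. Interface names (vlan10 to vlan12 for reserved VLANs, vlan100 for a server VLAN) and addresses are assumptions.

```ipf
# Added example, not from the original mail. Interface names and
# addresses are assumptions; the server 10.100.0.10 lives on vlan100.

# Incoming-interface style: the same policy repeated once per reserved VLAN,
# and it grows by one block of rules for every VLAN that is added.
pass in quick on vlan10 proto tcp from 10.10.0.0/24 to 10.100.0.10 port = 443 flags S keep state
pass in quick on vlan11 proto tcp from 10.11.0.0/24 to 10.100.0.10 port = 443 flags S keep state
pass in quick on vlan12 proto tcp from 10.12.0.0/24 to 10.100.0.10 port = 443 flags S keep state
block in quick on vlan10 all
block in quick on vlan11 all
block in quick on vlan12 all

# Outgoing-interface style: one rule on the server VLAN covers every
# source VLAN, and the default deny is written once on the same interface.
pass out quick on vlan100 proto tcp from 10.0.0.0/8 to 10.100.0.10 port = 443 flags S keep state
block out quick on vlan100 all
```

Rules keyed on the outgoing interface never see packets addressed to the firewall itself, since those are delivered locally and have no outgoing interface, so access to m0n0wall's own services still needs incoming rules on each VLAN.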