[ previous ] [ next ] [ threads ]
 
 From:  "Imran K" <gururug at gmail dot com>
 To:  "Tonix (Antonio Nati)" <tonix at interazioni dot it>, "Mono Dev List" <m0n0wall dash dev at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall-dev] Redesigning m0n0wall filter rules
 Date:  Wed, 6 Feb 2008 20:30:09 +1100 
Guys,

Monowall!!! ( wall stands for firewall doesn't it?) I am surprised that mono
rule creation can only be
done for inbound packets. *

*Boucers police who can come in and who needs to go out of a night club for
very good reasons.

*Unless I am missing something* tonix's needs are valid.

Can we have an option ( drop down ) after the interface that selects inbound
or outbound???

Why is there no option already?

Otherwise it would be nice if suggested a workaround for him. i.e. piping
all traffic destined for the server segmend through a vritual interface /
subnet to allow the use of inbound only rules on it only instead of all the
segments???







On Feb 5, 2008 10:36 PM, Tonix (Antonio Nati) <tonix at interazioni dot it> wrote:

> We are thinking how to extend/improve m0n0wall rules architecture.
> After an intense work done with rules, we finally realize we need
> something actual m0n0wall architecture cannot satisfy.
>
> Given our environment, with dozen of reserved VLAN and a few of servers
> VLAN, actual m0n0wall behaviour of applying rules to "incoming"
> interfaces forces us to apply same rules to dozens of VLAN, while rules
> eventually applied to "outgoing" interfaces could be a lot more easy to
> manage.
>
> Planning to put hands in code, we are thinking to add a system flag
> (enable rules on output interfaces) and change rules to outgoing
> interfaces if that flag is enabled.
>
> Obviouslly it would be better to have rules working both on "incoming
> interfaces" and "outgoing interfaces", but it looks not easy to make
> with ipfilter.
>
> Thanks for any comment/hint.
>
> Tonino
>
> --
> ------------------------------------------------------------
>        Inter@zioni            Interazioni di Antonio Nati
>   http://www.interazioni.it      tonix at interazioni dot it
> ------------------------------------------------------------
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash dev dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash dev dash help at lists dot m0n0 dot ch
>
>