Chris Buechler wrote:
>On Sun, 23 Jan 2005 19:28:06 -0500, Jason Lane <jason at deafwv dot org> wrote:
>>Is it possible to group external addresses into a variable as a
>>I have the following external addresses (not real only examples)
>>and i want only them 3 addresses to be able to access my mailserver on
>>can i do somethng similiar to this if i can get like ssh access or
>>something to m0n0wall
>>$mailAllowedIP = array(126.96.36.199,188.8.131.52,184.108.40.206)
>No. IPFilter, the firewall software used, doesn't support
>arrays/groups/lists in the current stable version. It does in the
>next version, but I have no idea when that will be stable enough for
>widespread production use.
While technically true, this could be implemented into m0n0wall today
since the GUI could abstract the process from the user.
As an example for a possible implementation, m0n0wall could allow
multiple aliases with the same name. When m0n0wall detects a rule which
matches multiple aliases, the rule would get written into the ipfilter
configuration once with each matching alias.
It could potentially get a little hairy when using "not" rules, but
these can largely be avoided.
The end result would be that grouping becomes possible without any
direct support in IPFilter but it's possible to use one group in more
then one location within m0n0wall.
If a job is worth doing, then get someone in to do it properly.