 From:  Peter Allgeyer <allgeyer at web dot de>
 To:  m0n0wall at lists dot m0n0 dot ch
 Cc:  brwatters at abs dash internet dot com
 Subject:  RE: [m0n0wall] Timed Firewall Rules and Multi Subnet on WAN
 Date:  Sat, 29 Jan 2005 19:53:10 +0100
On Saturday, 29.01.2005, at 10:38 -0800, Brian Watters wrote:
> Thanks for the info .. Yes I saw the TODO list as well .. It's been there for
> a while and I guess I wanted to get a better idea of a timeline of when
> and if we might start seeing this rolled out into a beta offering ..
> 
This is a development question, right? So this is the wrong mailing list.

You have to make clear that you want to know a timeline, if there is
any (don't think so). I've thought about implementing time-based rules,
but ipfilter doesn't support them natively. So you have to simulate
those rules with a cron-based mechanism, but Manuel doesn't think about
adding a (lightweight) cron daemon. Difficult. We have to think about a
better way.

I don't know if pf supports time-based rules (what I've read so far:
not), but this pf stuff would help us implement some nice features like
multiple WAN connections (but leaves us with really stupid support for
such buggy protocols like FTP/SIP/whatever). And: pf needs FreeBSD 5.3,
which will be there in m0n0wall on a nice day in the future.

Understand the problems why some points in the TODO list are really old
and not so easy to implement cleanly?

Ciao ...
	... PIT ...


---------------------------------------------------------------------------
 copyleft(c) by |           The state of some commercial Un*x is more
 Peter Allgeyer |   _-_     unsecure than any Linux box without a root
                | 0(o_o)0   password...  -- Bernd Eckenfels
---------------oOO--(_)--OOo-----------------------------------------------