 From:  Peter Allgeyer <allgeyer at web dot de>
 To:  m0n0wall at lists dot m0n0 dot ch
 Cc:  brwatters at abs dash internet dot com
 Subject:  RE: [m0n0wall] Timed Firewall Rules and Multi Subnet on WAN
 Date:  Sat, 29 Jan 2005 19:53:10 +0100
On Saturday, 29.01.2005, at 10:38 -0800, Brian Watters wrote:
> Thanks for the info .. Yes I saw the TODO list as well .. It's been there for
> a while and I guess I wanted to get a better idea of a time line of when
> and if we might start seeing this rolled out into a beta offering ..
This is a development question, right? So this is the wrong mailing list.

You have to make clear that you want to know a timeline, if there is
any (don't think so). I've thought about implementing time-based rules,
but ipfilter doesn't support them natively. So you have to simulate
those rules with a cron-based mechanism, but Manuel doesn't think about
adding a (lightweight) cron daemon. Difficult. We have to think about a
better way.

I don't know if pf supports time-based rules (what I've read so far:
not), but this pf-stuff would help us implement some nice features like
multiple WAN connections (but leaves us with really stupid support for
such buggy protocols like FTP/SIP/whatever). And: pf needs FreeBSD 5.3,
which will be there in m0n0wall on a nice day in the future.

Understand the problems why some points in the TODO list are really old
and not so easy to implement cleanly?

Ciao ...
	... PIT ...

 copyleft(c) by |           The state of some commercial Un*x is more
 Peter Allgeyer |   _-_     unsecure than any Linux box without a root
                | 0(o_o)0   password...  -- Bernd Eckenfels