Bart Smit said:
> Maybe I'm stretching it too much (as I sometimes do), but wouldn't having
> the option of defining symbolic names for groups of hosts and networks be
> terribly handy? It will really simplify rule base maintenance, and it is
> easy to see how this could be unified with the current built-in
> pre-defined names such as "LAN subnet" and "PPTP clients".
Sounds like a good idea indeed. Too bad ipfilter 4.0 isn't out yet, as
that would make it possible to assign multiple IP addresses or subnets to
one symbolic name without any fuss. But still, I'll consider revamping the
"LAN subnet"-style mappings completely sometime; I don't like the way
they're implemented at the moment anyway (too many special cases to deal
with in several places).