 From:  Chris Olive <chris at technologEase dot com>
 To:  Bart Smit <bit at pipe dot nl>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] symbolic names for use in rules
 Date:  Thu, 11 Dec 2003 10:02:57 -0500
Bart Smit wrote:

>List,
>
>I often find myself changing several rules at once for groups of IP
>addresses/ranges that I think of in terms like "remote office networks",
>"family vpn", or "provider subnets".
>
>Maybe I'm stretching it too much (as I sometimes do), but wouldn't having
>the option of defining symbolic names for groups of hosts and networks be
>terribly handy? It will really simplify rule base maintenance, and it is
>easy to see how this could be unified with the current built-in
>pre-defined names such as "LAN subnet" and "PPTP clients".
>  
>
Ew...  I can't believe this was just posted...  I was thinking about 
this *just* last night that it would be nice to have rule sets that 
could be applied.  Saved rule configs...  Whatever you want to call 
them.  So I second the motion.

In the house, we block outgoing port 80 and run all web requests through 
a proxy server (to spare ourselves the evils out there on the web).  
But occasionally, we poke holes through for certain machines (in cases 
where the proxy server doesn't work out for what we need), do what we 
need to do, then reapply our "safety net" again.  It would be nice to be 
able to apply a "No Proxy" ruleset, then apply a "Use Proxy" rule set 
that both twiddle the respective rules.

chris
-----
Chris Olive
chris at technologEase dot com