[ previous ] [ next ] [ threads ]
 
 From:  "Manuel Kasper" <mk at neon1 dot net>
 To:  "Chris Olive" <chris at technologEase dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] symbolic names for use in rules
 Date:  Thu, 11 Dec 2003 16:20:28 +0100 (CET)
Chris Olive said:
> In the house, we block outgoing port 80 and run all web requests through
> a proxy server (to spare ourselves of the evils out there in the web).
> But occasionally, we poke holes through for certain machines (in cases
> where the proxy server doesn't work out for what we need), do what we
> need to do, then reapply our "safety net" again.  It would be nice to be
> able to apply a "No Proxy" ruleset, then apply a "Use Proxy" rule set
> that both twiddle the respective rules.

Ehm, are you sure you're talking about the same thing as Bart? I think you
mean individual sets of rules (like in ipfw2) that can be loaded and
unloaded as desired, while Bart is talking about the ability to define
alias names for IP addresses/subnets so when e.g. an IP address that is
used in 20 filter rules changes, you'll only have to change it in one
place and not 20. Of course to some extent aliases could be used in your
case as well, but it's not entirely the same. Let me know if I missed
something. ;)

- Manuel