[ previous ] [ next ] [ threads ]
 From:  Christiaens Joachim <jchristi at oce dot be>
 To:  "'Manuel Kasper'" <mk at neon1 dot net>, Chris Olive <chris at technologEase dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  RE: [m0n0wall] symbolic names for use in rules
 Date:  Thu, 11 Dec 2003 17:00:14 +0100
What Chris could do, is just create a rule that blocks all out:80 traffic
and a rule to let this traffic pass for some clients. Just disable this
pass-rule (that is put higher than the block-rule) by default and enable
when direct access is needed.

Nothing to do with what Bart suggested, I think, but I might have missed
something too.


-----Original Message-----
From: Manuel Kasper [mailto:mk at neon1 dot net]
Sent: donderdag 11 december 2003 16:20
To: Chris Olive
Cc: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] symbolic names for use in rules

Chris Olive said:
> In the house, we block outgoing port 80 and run all web requests through
> a proxy server (to spare ourselves of the evils out there in the web).
> But occasionally, we poke holes through for certain machines (in cases
> where the proxy server doesn't work out for what we need), do what we
> need to do, then reapply our "safety net" again.  It would be nice to be
> able to apply a "No Proxy" ruleset, then apply a "Use Proxy" rule set
> that both twiddle the respective rules.

Ehm, are you sure you're talking about the same thing as Bart? I think you
mean individual sets of rules (like in ipfw2) that can be loaded and
unloaded as desired, while Bart is talking about the ability to define
alias names for IP addresses/subnets so when e.g. an IP address that is
used in 20 filter rules changes, you'll only have to change it in one
place and not 20. Of course to some extent aliases could be used in your
case as well, but it's not entirely the same. Let me know if I missed
something. ;)

- Manuel

To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch

Océ enables its customers to manage their documents efficiently and
effectively by offering innovative print and document management products
and services for professional environments.

This e-mail message and any attachment are intended for the sole use of the
recipient(s) named above and may contain information which is confidential
and/or protected by intellectual property rights.
Any use of the information contained herein (including, but not limited to,
total or partial reproduction, communication or distribution in any form) by
other persons than the designated recipient(s) is prohibited.

If you have received this e-mail in error, please notify the sender either
by telephone (0032-2-729.48.11) or by e-mail and delete the material from
any computer.
Oce-Belgium/Oce-Interservices is nor responsible for the correct and
complete transfer of the contents of the sent e-mail, neither for the
receipt on due time.  This e-mail message does not bring about a contractual
obligation for Oce-Belgium/Oce-Interservices.

Thank you for your cooperation.

For further information about Oce-Belgium/Oce-Interservices please see our
website at www.oce.be