|
||||||||||
Manuel Kasper wrote: >Chris Olive said: > > >>In the house, we block outgoing port 80 and run all web requests through >>a proxy server (to spare ourselves of the evils out there in the web). >>But occasionally, we poke holes through for certain machines (in cases >>where the proxy server doesn't work out for what we need), do what we >>need to do, then reapply our "safety net" again. It would be nice to be >>able to apply a "No Proxy" ruleset, then apply a "Use Proxy" rule set >>that both twiddle the respective rules. >> >> > >Ehm, are you sure you're talking about the same thing as Bart? I think you >mean individual sets of rules (like in ipfw2) that can be loaded and >unloaded as desired, while Bart is talking about the ability to define >alias names for IP addresses/subnets so when e.g. an IP address that is >used in 20 filter rules changes, you'll only have to change it in one >place and not 20. Of course to some extent aliases could be used in your >case as well, but it's not entirely the same. Let me know if I missed >something. ;) > > No, it was me that missed it. Actually, just before I hit send I had this funny feeling we weren't talking about exactly the same thing, but some similarities existed. His idea is great. But I was talking about something different. Rule sets that could be applied or unapplied. If I had to guess, his idea would be more universally useful to everyone else. I doubt seriously that differing rule sets to apply or unapply would necessarily be as useful to most, although it would be nice for me to reconfigure the fw on the fly (for the purpose I mentioned). Once the proxy server I use is directly controlled by me, then I won't even need to do what I'm doing now. chris ---- Chris Olive chris at technologEase dot com |