[ previous ] [ next ] [ threads ]
 From:  Chris Olive <chris at technologEase dot com>
 To:  Manuel Kasper <mk at neon1 dot net>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] symbolic names for use in rules
 Date:  Thu, 11 Dec 2003 12:08:12 -0500
Manuel Kasper wrote:

>Chris Olive said:
>>In the house, we block outgoing port 80 and run all web requests through
>>a proxy server (to spare ourselves of the evils out there in the web).
>>But occasionally, we poke holes through for certain machines (in cases
>>where the proxy server doesn't work out for what we need), do what we
>>need to do, then reapply our "safety net" again.  It would be nice to be
>>able to apply a "No Proxy" ruleset, then apply a "Use Proxy" rule set
>>that both twiddle the respective rules.
>Ehm, are you sure you're talking about the same thing as Bart? I think you
>mean individual sets of rules (like in ipfw2) that can be loaded and
>unloaded as desired, while Bart is talking about the ability to define
>alias names for IP addresses/subnets so when e.g. an IP address that is
>used in 20 filter rules changes, you'll only have to change it in one
>place and not 20. Of course to some extent aliases could be used in your
>case as well, but it's not entirely the same. Let me know if I missed
>something. ;)
No, it was me that missed it.  Actually, just before I hit send I had 
this funny feeling we weren't talking about exactly the same thing, but 
some similarities existed.  His idea is great.  But I was talking about 
something different.  Rule sets that could be applied or unapplied.  If 
I had to guess, his idea would be more universally useful to everyone 
else.  I doubt seriously that differing rule sets to apply or unapply 
would necessarily be as useful to most, although it would be nice for me 
to reconfigure the fw on the fly (for the purpose I mentioned).  Once 
the proxy server I use is directly controlled by me, then I won't even 
need to do what I'm doing now.

Chris Olive
chris at technologEase dot com