[ previous ] [ next ] [ threads ]
 From:  Chris Olive <chris at technologEase dot com>
 To:  Christiaens Joachim <jchristi at oce dot be>
 Cc:  'Manuel Kasper' <mk at neon1 dot net>, m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] symbolic names for use in rules
 Date:  Thu, 11 Dec 2003 12:18:49 -0500
Christiaens Joachim wrote:

>What Chris could do, is just create a rule that blocks all out:80 traffic
>and a rule to let this traffic pass for some clients. Just disable this
>pass-rule (that is put higher than the block-rule) by default and enable
>when direct access is needed.
This is exactly what I do.  Last night I was just thinking that it would 
nice to be able to just hit "Apply" to one "saved rule set" and then hit 
"Apply" to a different one to close up the holes temporarily poked 
through.  Don't know how useful this would be -- probably not a lot for 
most people.  (Then again, companies do sometimes poke holes temporarily 
-- I've known it to happen -- so maybe it would be.)  As it stands, your 
idea being what I do do, I still have to go and enable/disable those 
rules and hit "Apply."

>Nothing to do with what Bart suggested, I think, but I might have missed
>something too.
Right.  Manual clarified.  I think Bart's idea is a good one.  The good 
practice of abstraction.

Chris Olive
chris at technologEase dot com