[ previous ] [ next ] [ threads ]
 From:  Peter Allgeyer <allgeyer at web dot de>
 To:  Jonathan Marriott <jon at kiwiuk dot net>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] 1.2b7 firewall rules icon
 Date:  Wed, 18 May 2005 16:39:39 +0200
Hello Jonathan!

Am Mittwoch, den 18.05.2005, 15:26 +0100 schrieb Jonathan Marriott:
> Yes, I have. You're right. Why is this the case? If it can reject for 
> TCP and UDP individually, why not together? I can't fit it, I'm just 
> interested - no need to answer if its a long one :)

Technical reasons. Ipfilter responds with a RST packet for TCP and with
ICMP destination unreachable for UDP. Two different things. This would
lead to two different rulesets for ipfilter, too. The design of the PHP
code has to completly be rewritten for this (at the moment, you are
filling in one rule in the GUI and m0n0 constructs one rule for ipfilter
out of it). Since you're not the first one reading everything closely,
I'm thinking about writing some lines of code for verifying the user

Ciao ...
	... PIT ...

 copyleft(c) by |   _-_     REST: P: Linus Torvalds S: Buried alive in
 Peter Allgeyer | 0(o_o)0   email  -- from /usr/src/linux/MAINTAINERS