 From:  Manuel Kasper <mk at neon1 dot net>
 To:  Bart Smit <bit at pipe dot nl>
 Cc:  M0n0wall <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall-announce] pb22 released
 Date:  Sun, 14 Dec 2003 23:31:08 +0100
On 14.12.2003, at 23:13, Bart Smit wrote:

> I specifically meant a way to name *groups* of IPs and networks. So I
> can have a single rule apply to several nets at once. E.g. 5 different
> remote networks that all need the same treatment from my firewall. I
> want to call them "remote office nets" and be done with a single rule per
> protocol instead of having to create 5 rules, one for each net.

Yep, I know and I got that point, but instead of implementing a clumsy 
solution right now (having the filter rule generator install several 
rules for the different addresses/networks associated with an alias - 
imagine using aliases with 10 addresses each for both a rule's source 
and destination - boom, 100 ipf rules! [or at least a mess of >20 rules 
with skip or head/group]), I'd rather wait until ipfilter 4.0 is 
released and we get native alias support. m0n0wall's filter rule part 
will be in for a major overhaul at that point in time anyway.

- Manuel