On 20.01.2004, at 11:16, Eric Appelboom wrote:
> I think this was mentioned before, but is it possible to create "groups"
> or "objects" that contain IPs and networks that can be applied as a src
> or destination in a rule?
> For example
> Object "IRC users" contains
> Which is applied to rule
> Permit "IRC users" to any tcp 6667
> If not, could this facility be added?
This has been discussed before - it will be done when ipfilter 4.0 is
released, as it will be much more efficient and easier at that point in
time (native alias support by ipfilter), especially in the case where
an alias is used both for the source and destination of a rule.
> Additionally, could the firewall have a password prompt on bootup and not
> be open?
This has been requested before, too, and I still think it's not a good
idea - if anybody manages to gain physical access to your firewall, all
bets are off in any case. But maybe I'll implement it sometime for all
those who like security by obscurity.