On 20.01.2004, at 11:16, Eric Appelboom wrote:

> I think this was mentioned before but is it possible to create "groups"
> or "objects" that contain IPs and networks that can be applied as a src
> or destination in a rule?
>
> For example
>
> Object "IRC users" contains
> 10.1.25.6
> 128.10.3.0/255.255.255.0
>
> Which is applied to rule
> Permit "IRC users" to any tcp 6667
>
> If not could this facility be added?

This has been discussed before - it will be done when ipfilter 4.0 is released, as it will be much more efficient and easier at that point in time (native alias support by ipfilter), especially in the case where an alias is used both for the source and destination of a rule.

> Additionally could the firewall have a passed prompt on bootup and not
> be open.

This has been requested before, too, and I still think it's not a good idea - if anybody manages to gain physical access to your firewall, all bets are off in any case. But maybe I'll implement it sometime for all those who like security by obscurity.

- Manuel