On 5/9/06, boink <lordboink at gmail dot com> wrote:
> Does anyone have any comments on this approach?

Manuel has stated in the past that this isn't in m0n0wall because
ipfilter 3.x does not support host and service groupings. It could be
abstracted by the back end, but you could unknowingly end up with some
very long rulesets (a single rule in the GUI with 10 hosts with 10
ports would be 100 rules in ipf). Personally, that's still better
than manually entering 100 rules, if that's really what you need, but
that's Manuel's stance on it.

It's something we'll almost certainly see in 1.3 though, as whatever
packet filter ends up being chosen, it will support host and port