 From:  Manuel Kasper <mk at neon1 dot net>
 To:  Jorgen Norrman <jurg at home dot se>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Feature request which would make m0n0wall even better ;)
 Date:  Sat, 24 Jan 2004 21:06:30 +0100
On 24.01.2004, at 19:24, Jorgen Norrman wrote:

> A must have is the ability to make port lists or groups containing 
> ports.
> Another great feature would be groups containing ip-addresses.

If I had a dime for every time I heard that... Yes, m0n0wall is going to 
be able to do that sometime because the alias functionality will be 
extended to allow assigning multiple addresses/networks to one alias. 
BUT... this is not going to happen until ipfilter 4.0, for the simple 
reason that it is not feasible with the current ipfilter 3.4! In theory 
it is possible, but it can create such a terrible and inefficient mess 
of a ruleset that I'm simply not going to bother with it. We can't 
filter packets in PHP, so we have to use what the underlying operating 
system offers. Yes, I know ipfw2 is better in that respect, but it's 
not a solution either because natd sucks for multiple reasons that I've 
explained before.

So everyone please be patient and don't forget that several 
web-interface-equipped commercial firewalls I know of don't support 
that either. Go figure.

- Manuel