[ previous ] [ next ] [ threads ]
 From:  "Molle Bestefich" <molle dot bestefich at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: even more dumb questions: anti-spoofing
 Date:  Thu, 25 May 2006 16:17:25 +0200
Chris Buechler wrote:
> Molle Bestefich wrote:
> > So for some pseudo/automagic rules, I can look in the rulebase.
> > For others, I have to use magic means to find out that it's hidden
> > away on "status.php" and manually type "status.php" in my browser.
> >
> > M0n0wall is getting more cryptic to me as each day passes :-).
> It's not that cryptic.  Had you read the page where you found out how
> to subscribe to this mailing list, you'd know about it.  :)
> http://m0n0.ch/wall/mailinglist.php


That page says:
"With many problems (e.g. blocked packets that shouldn't be blocked,
hardware problems, other configuration issues), it's a good idea to
provide the (anonymized) output from http://m0n0wall-ip/status.php"

But since I'm not debugging any of these issues, it would never occur
to me to seek out that particular behind-the-covers page.

It's a bad user experience, and should be changed so that either:

1) All anti-spoofing rules are shown (readonly) in the rulebases, not
just the RFC1918 anti-spoofing rule.

2) None of the anti-spoofing rules are shown, and the user is directed
at a page containing the raw rulebase (eg. status.php) if (s)he wants
to know what antispoofing rules are in effect.