 From:  "Molle Bestefich" <molle dot bestefich at gmail dot com>
 To:  "Lee Sharp" <leesharp at hal dash pc dot org>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Re: per-interface rulebases: why?
 Date:  Thu, 1 Jun 2006 23:36:19 +0200
Lee Sharp wrote:
> > If there's no real use cases (as I suspect), then adding complexity
> > makes the rulebase harder to figure out.
>
> It makes it much simpler if you think in a "spatial relations" sort of way.
> What is the flow of the traffic, and look at those interfaces.

I fail to see how your "flow of traffic between interfaces" way of
thinking is superior to my "flow of traffic between networks/hosts".

> It is just grouped by interface to make it easier for US.

It's still added complexity as far as I can see, though I guess it
does make it easier for people who are used to it, and perhaps the
developers.