Re: [m0n0wall] Re: per-interface rulebases: why?

From:	"Molle Bestefich" <molle dot bestefich at gmail dot com>
To:	"Lee Sharp" <leesharp at hal dash pc dot org>
Cc:	m0n0wall at lists dot m0n0 dot ch
Subject:	Re: [m0n0wall] Re: per-interface rulebases: why?
Date:	Thu, 1 Jun 2006 23:36:19 +0200

Lee Sharp wrote:
> > If there's no real use cases (as I suspect), then adding complexity
> > makes the rulebase harder to figure out.
>
> It makes it much simpler if you think in a "spatial relations" sort of way.
> What is the flow of the traffic, and look at those interfaces.

I fail to see how your "flow of traffic between interfaces" way of
thinking is superior to my "flow of traffic between networks/hosts".

> It is just grouped by interface to make it easier for US.

It's still added complexity as far as I can see, though I guess it
does make it easier for people who's used to it, and perhaps the
developers.