From: "Molle Bestefich" <molle dot bestefich at gmail dot com>
> Lee Sharp wrote:
>> > If there's no real use cases (as I suspect), then adding complexity
>> > makes the rulebase harder to figure out.
>> It makes it much simpler if you think in a "spatial relations" sort of
>> way.
>> What is the flow of the traffic, and look at those interfaces.
> I fail to see how your "flow of traffic between interfaces" way of
> thinking is superior to my "flow of traffic between networks/hosts".

In the above statement, "interfaces" and "networks" can be considered equal. And if you think hosts, you can miss what you are passing through, or not. For example "Home" to "the office printer" can mean different things based on VPN, or port forwarding.

>> It is just grouped by interface to make it easier for US.
> It's still added complexity as far as I can see, though I guess it
> does make it easier for people who's used to it, and perhaps the
> developers.

A different way of thinking. And you say "THE DEVELOPERS" like they are some weird guys in robes among the clouds... You can be one too. Just change the code. You only need to play with the page https://gateway/firewall_rules.php which is on the root filesystem under /usr/local/www and present something new. It might end up being put into the distribution.

Lee