I'm used of working with objects configuring firewalls (lot of PIX with VMS)
and I would never give away the interfaces !!!
> Another approach would be a checkbox for each defined network.
> Checking a box next to a network/host would mean "show me only rules
> affecting these networks / hosts". Hidden rules could go behind a
> text like "5 rule(s) hidden", just like Gmail hides quotes.
> (Details: Default behaviour would be to show everything. Many
> networks mean many checkboxes, so checkboxes should be buffed away in
> a dropdown.)
Hidden rules ?
Yep, you're definitely a CheckPoint addicted... :-)
The only thing which in my opinion would simplify the rules is grouping.
Host, network and port groups definition would "implode" some huge rulesets
(like active-directory rules...)
This was already discussed in the dev list.
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.