I'm used to working with objects when configuring firewalls (a lot of PIX with VMS)
and I would never give away the interfaces!!!
> Another approach would be a checkbox for each defined network.
> Checking a box next to a network/host would mean "show me only rules
> affecting these networks / hosts". Hidden rules could go behind a
> text like "5 rule(s) hidden", just like Gmail hides quotes.
>
> (Details: Default behaviour would be to show everything. Many
> networks mean many checkboxes, so checkboxes should be buffed away in
> a dropdown.)
>
Hidden rules?
Yep, you're definitely a CheckPoint addict... :-)
The only thing which in my opinion would simplify the rules is grouping.
Host, network and port group definitions would "implode" some huge rulesets
(like active-directory rules...)
This was already discussed in the dev list.
Daniele