 From:  "Claus at Monowall" <Claus at Monowall>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Groups in rules
 Date:  Sun, 24 Feb 2008 15:57:42 +0100
My suggestion was basically *groups of IP addresses* but *groups of ports*
would also come in handy.

My philosophy is that the firewall should only allow exactly what is
needed and should not rely on security measures on the protected
machines and the port range allow does not fit here...
Also I do not allow everything from trusted net to untrusted net, meaning
I have around 70 rules today that precisely define what behavior I
expect from the trusted machines on the inside.

Thanks
Claus
 

|-----Original Message-----
|From: Chris Buechler [mailto:cbuechler at gmail dot com] 
|Posted At: Saturday, February 23, 2008 10:43 PM
|Posted To: Monowall
|Conversation: [m0n0wall] Groups in rules
|Subject: Re: [m0n0wall] Groups in rules
|
|
|On Sat, Feb 23, 2008 at 4:07 PM, Daniele Guazzoni
|<daniele dot guazzoni at gcomm dot ch> wrote:
|>
|>  like pfSense does, I guess Scott, Chris and Bill have 
|nothing against backporting the code to m0n0wall ;-)
|>
|
|Of course not.  :)
|
|But it's not quite as simple as a straight port, because of syntax
|differences between pf and ipf. But the Aliases page in pfSense could
|be ported directly to m0n0wall and the rule generation would just have
|to be written.
|
|This functionality is on the todo list for 1.3.
|http://m0n0.ch/wall/todo.php
|
|-Chris
|
|
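
The rule generation discussed in this thread, sketched as an added example that is not part of either e-mail and is not m0n0wall or pfSense code: host and port aliases are expanded into one explicit ipf-style pass rule per combination, and an undefined alias or malformed address aborts generation instead of producing a looser rule. The alias names, addresses, the interface name `fxp0` and the rule dictionary layout are all assumptions made for the illustration.

```python
import ipaddress
from itertools import product

# Constructed sample aliases (hypothetical names and addresses).
ALIASES = {
    "hosts": {"web_clients": ["192.168.1.10", "192.168.1.11"]},
    "ports": {"web": [80, 443]},
}

# Constructed sample rule: trusted clients may reach web ports and nothing else.
RULE = {"iface": "fxp0", "proto": "tcp",
        "src": "web_clients", "dst": "any", "port": "web"}


def expand_hosts(name, aliases):
    """Return the alias members (or the literal itself) as CIDR strings."""
    members = aliases["hosts"].get(name, [name])
    # ip_network raises ValueError for a typo or an undefined alias name,
    # so a bad reference stops generation instead of widening the rule.
    return [str(ipaddress.ip_network(m, strict=True)) for m in members]


def expand_ports(name, aliases):
    """Return the alias members (or the literal itself) as validated ports."""
    members = aliases["ports"].get(name, [name])
    ports = [int(p) for p in members]  # ValueError on an undefined alias name
    for p in ports:
        if not 1 <= p <= 65535:
            raise ValueError(f"port out of range: {p}")
    return ports


def generate_rules(rule, aliases):
    """Expand one aliased rule into explicit ipf-style pass rules."""
    srcs = expand_hosts(rule["src"], aliases)
    dsts = ["any"] if rule["dst"] == "any" else expand_hosts(rule["dst"], aliases)
    ports = expand_ports(rule["port"], aliases)
    return [
        f"pass in quick on {rule['iface']} proto {rule['proto']} "
        f"from {s} to {d} port = {p} keep state"
        for s, d, p in product(srcs, dsts, ports)
    ]


if __name__ == "__main__":
    for line in generate_rules(RULE, ALIASES):
        print(line)
```

Two hosts and two ports yield four rules, which is how a hand-maintained rule set grows toward the size mentioned above while each generated rule still names exactly one source and one port.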