My suggestion was basically *groups of IP addresses* but *groups of ports* would also come in handy.

My philosophy is that the firewall should only allow exactly what is needed and should not rely on security measures on the protected machines, and the port range allow does not fit here...

Also I do not allow everything from trusted net to untrusted net, meaning I have around 70 rules today that precisely define what behavior I expect from the trusted machines on the inside.

Thanks
Claus

|-----Original Message-----
|From: Chris Buechler [mailto:cbuechler at gmail dot com]
|Posted At: Saturday, February 23, 2008 10:43 PM
|Posted To: Monowall
|Conversation: [m0n0wall] Groups in rules
|Subject: Re: [m0n0wall] Groups in rules
|
|
|On Sat, Feb 23, 2008 at 4:07 PM, Daniele Guazzoni
|<daniele dot guazzoni at gcomm dot ch> wrote:
|>
|> like pfSense does, I guess Scott, Chris and Bill have nothing against backporting the code to m0n0wall ;-)
|>
|
|Of course not. :)
|
|But it's not quite as simple as a straight port, because of syntax
|differences between pf and ipf. But the Aliases page in pfSense could
|be ported directly to m0n0wall and the rule generation would just have
|to be written.
|
|This functionality is on the todo list for 1.3.
|http://m0n0.ch/wall/todo.php
|
|-Chris
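
The alias-to-rule generation discussed in this thread, as an added example (not code from m0n0wall, pfSense, or any of the posters). It assumes a generator that emits one ipf-style rule per host/port combination; the alias names, addresses and the interface name `fxp0` are constructed for illustration.

```python
from ipaddress import ip_network
from itertools import product

# Constructed sample aliases (hypothetical names and addresses).
HOST_ALIASES = {"mail_clients": ["192.168.1.10", "192.168.1.11"]}
PORT_ALIASES = {"mail_ports": [25, 110, 143, 993]}


def resolve(name, aliases):
    """Return the members of an alias, or the literal value as a one-item list."""
    return list(aliases.get(name, [name]))


def expand_rule(rule, iface="fxp0"):
    """Expand one alias-based allow rule into one ipf-style line per host/port pair."""
    lines = []
    sources = resolve(rule["src"], HOST_ALIASES)
    ports = resolve(rule["port"], PORT_ALIASES)
    for src, port in product(sources, ports):
        net = ip_network(src, strict=False)  # unknown alias or bad address: ValueError
        port = int(port)
        if not 1 <= port <= 65535:
            raise ValueError(f"port out of range: {port}")
        lines.append(
            f"pass in quick on {iface} proto {rule['proto']} "
            f"from {net} to any port = {port} keep state"
        )
    return lines


def build_ruleset(rules, iface="fxp0"):
    """Explicit allows first, then a default deny, so nothing unlisted gets out."""
    out = [line for rule in rules for line in expand_rule(rule, iface)]
    out.append(f"block in quick on {iface} all")
    return out


def extra_ports_in_range(ports):
    """Ports a single low-to-high range rule would admit beyond the listed ones."""
    return set(range(min(ports), max(ports) + 1)) - set(ports)


if __name__ == "__main__":
    rules = [{"src": "mail_clients", "port": "mail_ports", "proto": "tcp"}]
    print("\n".join(build_ruleset(rules)))
    extra = extra_ports_in_range(PORT_ALIASES["mail_ports"])
    print(f"# a 25-993 range rule would also allow {len(extra)} unneeded ports")
```

A misspelled alias name is not silently treated as "any": it fails address parsing and aborts rule generation.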