[ previous ] [ next ] [ threads ]
 
 From:  "ISB GmbH (Peer Dicken)" <pd at isb dash gmbh dot biz>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  AW: [m0n0wall] Feature suggestion
 Date:  Tue, 23 Mar 2004 11:37:23 +0100
> > 1. Grouping
> 
> Could you explain this more detailed? What would one do with 
> those groups? I mean, can you give some examples where those 
> groups are an advantage?

Grouping can make life easier. For example you could group the ports for http,https,ftp and other
services to a group called "default-internet" and then use this group for a rule like:
LAN --> ANY , default-internet

Add another group called "admin-internet" and add the services ssh,telnet and other services. Then
you add a machine-group called "admins" which contains only a few machines. Now you can add a rule
like this:
admins --> ANY , admin-internet

For mailservers: Services group "mail" containing smtp, pop3, imap. A machine group "mailservers"
with your mailservers:
Mailservers --> ANY , mail

This is much easier to handle, because you only need to define groups of machines and services and
then configure your rules. 



 
Peer Dicken
 
 
ISB GmbH                         

58239 Schwerte
 

Telefax +49 (23 04) 98 32 47 
Mobil +49( 160) 44 39 37 1
eMail pd at isb dash gmbh dot biz

http://www.isb-gmbh.biz