ISB GmbH (Peer Dicken) said:
> This is much easier to handle, because you only need to define
> groups of machines and services and then configure your rules.
In my opinion, you forget another important benefit: it can also
eliminate lots of duplicate effort if you have several network
interfaces for which you want to have a similar set of basic rules.
I usually do quite some cutting and pasting in the config.xml file
because maintaining rule sets over several interfaces is a bit
cumbersome through the web gui. Not really pleasant because of the
reboot after uploading the edited version...