Hi,

First of all, thanks for posting additional info about those 
ACK/SYN/DNS rules!


Thomas Hertz wrote:
> You can use the http://<m0n0wall ip>/exec.php interface to run any command,
> like ipfw. It's pretty handy to add rules manually, though I haven't thought
> of a way to make them apply after a reboot.

It is possible to add cmd. lines to config.xml, that will be executed 
at startup (but unfortunatly I don't remember the syntax for doing 
this, hopefully this can be found in the archive?)

This having been said, I'd personally like to see the shaper interface 
allowing more of this advanced stuff. In particular I'd like the 
option to enable multi-pass (one-pass=0) as well as support for 
re-injection in the webGUI. But I understand that maybe Manuel had 
good reasons for disallowing this? (If so, could someone please 
elaborate on this?)

Also, I too would like to see some kind of inspection/verification for 
the shaper. If it is really the case that this can be done through the 
cmd. line with the stuff already in m0n0wall, might this be put on a 
diagnostic page in the webGUI?


Adam.