I'll have to wait a bit ?
e.
On 11/1/05, Bill Marquette <[EMAIL PROTECTED]> wrote:
On 11/1/05, alan walters <[EMAIL PROTECTED]> wrote:
> [alan walters]
> I have been thinking about this a lot recently. I was wondering if rules
> for squid ftp proxy ipsec extra. Could be added to the xml file. At
> least this way the user has some control over what to do with them.
>
> I thought the best way to display these would be under there relative
> interface setting and grouped by the anchor points defined in pf.
>
> At least this would allow for a bit more transperancyy as to what rules
> are going on and maybe a bit more control over what services are used
> where.
>
> Look forward to hearing what other users have to say in respect to this
> issue on hidden rules in the /tmp/rules.debug file.
I agree (who cares about the users when the devs - well at least one -
agree? ;-P), the system generated rules do need to be exposed. It's
one of the items on my "Enterprise readiness TODO" list. Currently
those rules are tied pretty heavily into the rules.debug generation,
but I've got some ideas on the "best" way to move them out.
I'm actually finding this somewhat refreshing, with the user levels,
multi-user, and hidden rules discussions, it sounds like we're nearly
at a point where SOHO is usable and we've peaked enough interest to
consider it in an enterprise.
--Bill
