> On 11/1/05, alan walters <[EMAIL PROTECTED]> wrote:
> > [alan walters]
> > I have been thinking about this a lot recently. I was wondering if rules
> > for squid, ftp proxy, ipsec etc. could be added to the xml file. At
> > least this way the user has some control over what to do with them.
> >
> > I thought the best way to display these would be under their relative
> > interface setting and grouped by the anchor points defined in pf.
> >
> > At least this would allow for a bit more transparency as to what rules
> > are going on and maybe a bit more control over what services are used
> > where.
> >
> > Look forward to hearing what other users have to say in respect to this
> > issue on hidden rules in the /tmp/rules.debug file.
>
> I agree (who cares about the users when the devs - well at least one -
> agree? ;-P), the system generated rules do need to be exposed. It's
> one of the items on my "Enterprise readiness TODO" list. Currently
> those rules are tied pretty heavily into the rules.debug generation,
> but I've got some ideas on the "best" way to move them out.
>
> I'm actually finding this somewhat refreshing, with the user levels,
> multi-user, and hidden rules discussions, it sounds like we're nearly
> at a point where SOHO is usable and we've piqued enough interest to
> consider it in an enterprise.
>
> --Bill

[alan walters]
I totally think that if you test it well in your environment first it is a rock solid solution. We have a large number in place working beautifully well, as core routers, filtered bridges and core firewalls.

I think at home I still have a 0.53 box running for however long ago that series came out. It has a couple of cmd shell hacks for my wireless but it is great. Our present core firewalls have shown excellent robustness and ease of use. Wonderful job by a bunch of wonderful enthusiasts.

Cheers
alan