On Thu, 20 Oct 2005, Foo Ji-Haw wrote:
Thanks for the brief breakdown on ipf and ipfilter. But what about ipfw? I
like the 'auto-swap ruleset' feature, as well as account. Does ipfw do them
as well? Thanks.
No idea, never used it and I donĀ“t plan to. I'm using pf now, it
does what I need although I miss the two mentioned features, and I
see no reason to change.
I asked on the openbsd list for the ability to have an inactive
ruleset and swap for the very same reasons you want it, and got
flamed:
"why would you ever want that?", "you can keep a backup in a
file", "why wouldn't you want to have 10 or 100 rulesets?", "you
can check your ruleset with pfctl -n", "it won't load if there are
errors".
They didn't get that the checks catches only syntactically
incorrect errors, not those typos that can lock you out while
strictly correct - like 10.0.0.0/2 instead of 10.0.0.0/24.
So don't request it. Same thing for groups.
Cheers, Erik
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
