Il 02/07/2012 15:51, Jim Pingle ha scritto:
On 7/2/2012 9:38 AM, Tonix (Antonio Nati) wrote:
Too much confusion in keeping filters tables,
Switching how the entire firewall operates is also very confusing and
not likely to do what people expect -- floating rules would be much
easier to understand than you expect (if the list were cleaned up a bit)
and no possibility to let a user to manage his/her interface.
That's not even possible now, and would be just as difficult/easy to
implement on the floating tab as any other. (If a user can only see
interface X, only show the rules for interface X, done.)
Would it be possible to have a technical answer about using OUTPUT
interfaces rules instead of INPUT interfaces rules?
What should change dramatically inside pfsense, and there is any real
security reason for not doing that?
As far as I can see PF filtering, both INPUT and OUTPUT interfaces rules
would be evaluated in same place.
Regards,
Tonino
Jim
_______________________________________________
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list
--
------------------------------------------------------------
Inter@zioni Interazioni di Antonio Nati
http://www.interazioni.it to...@interazioni.it
------------------------------------------------------------
_______________________________________________
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list