Hi guys,

I've talked to three people now, and like me they can see only one lonely use case for per-interface rules: anti-spoofing.
Seeing as anti-spoofing is largely automated in pfSense and m0n0wall, is there any compelling reason for this odd division of the rulebase? It makes the rules hard to work with, because in addition to deciding on your source, destination and service, you have to either add your rule to all of the interfaces, or try to figure out by what arcane metric the firewall decides when to enforce the rules that are added under one particular interface and when it's the rules associated with another interface that's in action. Hope you can enlighten me!