From: "Jonathan M. Bresler"
To: luigi@labinfo.iet.unipi.it
Cc: housley@frenchknot.ne.mediaone.net, noor@NetVision.net.il, freebsd-hackers@FreeBSD.ORG
In-reply-to: <199903281244.OAA03534@labinfo.iet.unipi.it> (message from Luigi Rizzo on Sun, 28 Mar 1999 14:44:47 +0200 (MET DST))
Subject: Re: ipfw behavior, is it normal?
Message-Id: <19990328152846.B065314C14@hub.freebsd.org>
Date: Sun, 28 Mar 1999 07:28:46 -0800 (PST)

> From: Luigi Rizzo
> Date: Sun, 28 Mar 1999 14:44:47 +0200 (MET DST)
>
> Re. the problem with ipfw configurations...
>
> should we add another instruction to ipfw
>
>     between A and B ...
>
> to ease life in configuring firewalls ? Performance of a ruleset
> will be only marginally improved, but having simpler rules will
> indirectly make configurations more secure by reducing mistakes.

i understand between to be a short cut that replaces "from A to B" and "from B to A". i prefer the present syntax, it allows me to control who originates the connection.

seems to me that the new syntax would not be used very frequently. most of my rules (27 of 30) have "any" as one endpoint. don't think that i want to use a "between" in combination with "any".

seems to me that it's better to have people understand what they are configuring rather than make the configuration syntax hide the asymmetric nature of tcp.

jmb
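The difference the reply points at, as an added example that is not part of the original message and is not ipfw code: a toy allow-list filter that models ipfw's `setup` (SYN set, ACK clear) and `established` (ACK or RST set) matching and checks who can complete a TCP handshake. The `between()` helper is a hypothetical expansion of the proposed syntax into both directions, as the reply reads it, and the hosts A, B and C are constructed.

```python
from ipaddress import ip_address, ip_network

A, B, C = "192.0.2.10", "198.51.100.20", "203.0.113.30"  # constructed hosts

def rule(src, dst, flags=None):
    """One allow rule; flags is None, "setup" or "established"."""
    return {"src": src, "dst": dst, "flags": flags}

def between(x, y, flags=None):
    """Hypothetical expansion of the proposed 'between X and Y'."""
    return [rule(x, y, flags), rule(y, x, flags)]

def addr_match(pattern, addr):
    return pattern == "any" or ip_address(addr) in ip_network(pattern)

def flags_match(want, tcpflags):
    if want is None:
        return True
    if want == "setup":            # SYN set, ACK clear: a connection request
        return "SYN" in tcpflags and "ACK" not in tcpflags
    if want == "established":      # ACK or RST set: part of an existing flow
        return bool({"ACK", "RST"} & tcpflags)
    raise ValueError(f"unknown flag keyword: {want}")

def permitted(rules, src, dst, tcpflags):
    """Allow if any rule matches; anything else is denied by default."""
    return any(addr_match(r["src"], src) and addr_match(r["dst"], dst)
               and flags_match(r["flags"], tcpflags) for r in rules)

def can_originate(rules, client, server):
    """True only if the whole three-way handshake passes the rules."""
    handshake = [(client, server, {"SYN"}),
                 (server, client, {"SYN", "ACK"}),
                 (client, server, {"ACK"})]
    return all(permitted(rules, s, d, f) for s, d, f in handshake)

ESTABLISHED = rule("any", "any", "established")
directional = [ESTABLISHED, rule(A, B, "setup")]    # only A may open to B
symmetric = [ESTABLISHED] + between(A, B, "setup")  # either side may open

if __name__ == "__main__":
    for name, rs in (("from A to B", directional), ("between A and B", symmetric)):
        print(f"{name:16} A->B: {can_originate(rs, A, B)}  B->A: {can_originate(rs, B, A)}")
```

With the directional ruleset B can answer A but cannot open a connection to it; the symmetric expansion admits connection requests from either side.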