>> As i also said before, i agree that when the number of interfaces >> becomes large, managing ipfw lists can become difficult (though i >> see no way your technique can help without the assistance of scripts >> generating the actual lists for each interface making sure that the >> 'common' checks are in sync, etc.) > > This is one of the difficulties of per-interface ACL's like in Cisco > and Juniper.
grown-up operators generate their configs programmatically. life just does not scale any other way. randy _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
