On Wed, Jan 11, 2012 at 2:33 AM, <p...@bell.net> wrote:
>
>
> ##### 4 #####
>
> PF: Example: Firewall for Home or Small Office
>
> One of the stated objective is:
>
> - Make the ruleset as simple and easy to maintain as possible.
>
> In the example provided, 4 macros are provided:
>
> int_if="xl0"
> tcp_services="{ 22, 113 }"
> icmp_types="echoreq"
> comp3="192.168.0.3"
>
> For maintenance sake, would it not be
> appropriate to define the other
> mysterious outgoing interface "fxp0"
> as well, as declared in the following
> options section?I'm the stupidest one here as I've proven over the last couple of months, and it was obvious to me that I needed to write my own. > > > The ruleset migh suffer a little bit of > complications by adding one more macro. > > Who knows, perhaps the "fxp0" network > interface does not want to get all the attention... You don't just copy from the manuals, we are higher creatures than parrots. If you read the manual correctly, write your rules as you go, you will have a working ruleset with maybe a few typos in it. The only thing I've ever thought could be added to the examples is idiots English so kids could join in on the rule writing. I'm kidding of course. OpenBSD just takes the right mindset, which is an independent mindset. This list is more like a support group where we remind each other to read the documentation and not be lazy. -- www.johntate.org
