[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PF related crash? (fwd)

On Sun, 2003-02-23 at 19:49, kjell@pintday.org wrote:
> There is nothing more frustrating than trying to help someone with a
> problem, and then realizing you spent your time debugging a 
> typo made when "obfuscating" IP addresses.
> Also, when these addresses are obfuscated, often they are NOT done
> in a consistent manner. This makes the config files
> impossible to read.
> it is ALWAYS easiest to track down a problem from the actual
> ruleset used. Unless you have a good reason to change something,
> DON'T.
I'm still aghast that you neglect to recognize this fellow's instance as
a situation that falls into this scenario.  Did you even bother to
review his ruleset?  He was allowing EVERYTHING... with quick, without
state.  What, for gosh sake, WOULD you consider an ok situation to
obfuscate his external address?  Not to mention it was only submitted in
ONE place... a macro!
Are you suggesting that, more often than not, folks post their ruleset
with macros so obfuscated as to render them illegible?  Or perhaps
you're simply fabricating an impractical happenstance to validate your
zealotry?   #imaginary
xx.xx.xx.0    #obfuscated
Was that really so confusing?