
Re[2]: feature suggest: ability to load/add _inverted_ table file

GH> Is there some unknown reason why he cannot use
GH> ~~ # grep \!\< /etc/pf.conf | head -3
GH> nat on $Ext from $LAN to !<InsideNets> -> $Ext:0
GH> pass out quick on $Ext $TCP to !<InsideNets> user squid $KSF queue (q_def,\
GH> q_pri)
GH> pass out log quick on $Ext $TCP from $Ext:0 to !<InsideNets> port nntp\
GH> user news $KSF
GH> for the same effect ?
  No, it is not the same. I suggested a "list exclude" feature in addition
to the existing "list include" feature on the table RULE.
  As a result, an administrator would be able to assemble ONE table instead
of two or three, and would be able to reduce the number of rules, without
external list preprocessing or dynamic table loading.
  IMHO, my suggestion was pretty simple and, at the same time, very
efficient for PF's core flexibility. Developers don't think so. Sad.
Ilya A. Kovalenko
"Better" is the worst enemy of "Good"