I did not want to discuss the particular application, as it was developed by an outside vendor for us to use. It is a confidential app.
Besides, the application is not of consequence. The logistical problems don't seem that big of a deal. If the server records that 192.168.100.100 sends out tcp 5000 packets to 20.20.20.20, then it should have no problem knowing that udp 4900-1 should go back to 192.168.100.100. Heck, it probably isn't even much extra code.

You can translate all you wish - that is not my fault that you are putting words into my email that I never typed. Actually, the mod that I proposed would be great with the majority of IM and P2P clients out there, wouldn't it?

And finally, you say that sysadmins would ruin rulesets? Why are you so intent on treating people like children? You should operate on the assumption that people are perfectly capable of writing a good ruleset. When you operate on the assumption that people are incompetent, you just come off as very arrogant. I certainly don't enjoy dealing with arrogant people.

-----Original Message-----
From: Jolan Luff <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Date: Mon, 12 Aug 2002 13:38:17 -0400
Subject: Re: Newbie Question (one of many to come)

> On Mon, Aug 12, 2002 at 10:16:34AM -0700, Chris Willis wrote:
> > I am puzzled still. No one can explain why it is bloated junk. It would
> > assist people who need to handle complex applications with their firewall.
>
> Daniel gave a rather good explanation as to the logistical problems to
> implement something such as this. He also pointed out why it is
> somewhat pointless. Adding complexities such as this to pf for little
> gain means bloat. Think of it as "cost benefit analysis".
>
> When you say "It would assist people..." I translate that as "me".
> When you say "handle complex applications" I translate that as "create
> a good method for system administrators to ruin rulesets".
>
> Of course, if you took the time to reply to Daniel's last e-mail on the
> subject and explained in more detail what the particulars of this
> application are, maybe people would be more receptive.
>
> - jolan
