Hello all,
 
Florin, I have a couple questions for you.  I've installed the pre-alpha ISO and aside from a little network card detection glitch it installed beautifully (the cards don't appear in the MNF web interface).  My first test was to restore a backup configuration file to an identical machine running the 10.0 from our current 8.2 firewall.  Oops, big mistake.  Apparently the zones are defined differently and I've now locked myself out of the LAN interface...  no biggie but it brings me to a question I've had for a while.  Will there be a way (or would you please consider adding it) to do a pre-check on the rules before shorewall attempts to restart?  I've been in a hurry before or not thinking and I've made rules that the interface accepts but shorewall pukes on.  For instance, you would never make a rule:
 
ACCEPT     wan    dmz    icmp    0:65535 (all ports)  ---    ---
 
This would effectively bring the firewall down and force you to log on locally, change the /etc/shorewall/rules file, restart shorewall, then re-enter the interface so the database can get changed too.
 
 
Question #2 - Traffic Shaping
Honestly this is fantastic and it's so very welcomed.  However, would it be possible to TS by IP?  We have a number of chat servers and I'd LOVE to shape them via the FW instead of by each machine.
 
This also brings me to a humble suggestion.  Just a suggestion but you may want to have a checkbox by the rules that would "disable" the rule instead of deleting it. The database could keep the rule around but would ultimately not write rules to the configs that were checked "disabled". This allows you to test rules first instead of just deleting them and having to re-add them.
 
I LOVE your firewall.
 
Jim McCormick
Cencore
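The pre-check Jim asks for above, as an added example that is not part of his post and not code from MNF or Shorewall. Shorewall does ship a `shorewall check` command that compiles the configuration without restarting the firewall, and that is what should be run before a restart; the script below is only a constructed, much narrower linter over the classic rules-file columns (ACTION SOURCE DEST PROTO DEST PORT(S) SOURCE PORT(S) ORIGINAL DEST). It catches the specific mistake in the post: treating the port columns as ports for ICMP, where Shorewall uses the DEST PORT(S) column for the ICMP type and iptables accepts a single type (or type/code), not a range. The sample rules are constructed for the demonstration.

```python
# Added example: a small pre-check for Shorewall-style rules lines.
# Not Shorewall's own validator (use `shorewall check` for that); it only
# flags port-column mistakes that would make a restart fail.

import re

# Protocols whose DEST PORT(S) / SOURCE PORT(S) columns really are ports.
PORT_PROTOCOLS = {"tcp", "udp", "sctp", "udplite", "dccp"}
# Placeholders Shorewall's tabular files use for "no value".
EMPTY = {"-", "---", ""}
# A single port or a low:high range.
PORT_RE = re.compile(r"^(\d{1,5})(?::(\d{1,5}))?$")

COLUMNS = ["action", "source", "dest", "proto", "dport", "sport", "origdest"]


def parse_rule(line):
    """Split one rules line into its columns; returns None for blanks and comments."""
    line = line.split("#", 1)[0].strip()
    if not line:
        return None
    cols = line.split()
    cols += ["-"] * (len(COLUMNS) - len(cols))  # pad missing trailing columns
    return dict(zip(COLUMNS, cols[: len(COLUMNS)]))


def check_rule(rule):
    """Return a list of problems found in one parsed rule (empty list if clean)."""
    problems = []
    proto = rule["proto"].lower()
    dport, sport = rule["dport"], rule["sport"]

    if proto in PORT_PROTOCOLS:
        for col, value in (("dport", dport), ("sport", sport)):
            if value in EMPTY:
                continue
            for spec in value.split(","):
                m = PORT_RE.match(spec)
                ports = [int(p) for p in m.groups() if p] if m else []
                bad_range = len(ports) == 2 and ports[0] > ports[1]
                if not m or any(p > 65535 for p in ports) or bad_range:
                    problems.append(f"{col} '{spec}' is not a valid port or port range")
    elif proto == "icmp":
        # For icmp the DEST PORT(S) column holds the ICMP type, not a port.
        if dport not in EMPTY:
            if ":" in dport or "," in dport:
                problems.append(
                    f"dport '{dport}': icmp takes a single type, not a port range or list"
                )
            elif dport.isdigit() and int(dport) > 255:
                problems.append(f"dport '{dport}': ICMP types are 0-255")
        if sport not in EMPTY:
            problems.append(f"sport '{sport}' given for icmp, which has no source port")
    else:
        # Any other protocol (gre, esp, numeric, all, ...) has no port columns.
        for col, value in (("dport", dport), ("sport", sport)):
            if value not in EMPTY:
                problems.append(f"{col} '{value}' given for protocol '{proto}', which has no ports")
    return problems


def check_rules(text):
    """Check a whole rules file; returns a list of (line number, line, problems)."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        rule = parse_rule(line)
        if rule is None:
            continue
        problems = check_rule(rule)
        if problems:
            findings.append((n, line.strip(), problems))
    return findings


# Constructed sample rules file; line 4 is the rule from the post.
SAMPLE_RULES = """\
#ACTION SOURCE DEST PROTO DPORT    SPORT ORIGDEST
ACCEPT  loc    fw   tcp   22
ACCEPT  wan    dmz  tcp   80,443
ACCEPT  wan    dmz  icmp  0:65535  ---   ---
ACCEPT  wan    dmz  udp   70000
ACCEPT  loc    fw   icmp  8
ACCEPT  wan    dmz  gre   1723
"""

if __name__ == "__main__":
    for n, line, problems in check_rules(SAMPLE_RULES):
        print(f"line {n}: {line}")
        for p in problems:
            print(f"    - {p}")
```

Run it against a rules file before the restart (`python3 precheck.py < /etc/shorewall/rules` with a small loop over `sys.stdin`, or paste the file into `SAMPLE_RULES`); an empty result does not mean the file is valid, only that none of these particular mistakes are present, so `shorewall check` still has the final word.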
