No. I think you are thinking in the wrong direction if you want rules from one rulebase to magically expand into four rulebases. That's not something I've ever wanted; I'm unsure how you ended up down that train of thought.
I think I started that [explicit] train of thought, simply because no matter how your GUI presents it, rules will always end up interface-based at some level - networks are just that way. A GUI is just going to provide pretty indirection.

I'm not going to deny that interface-based rulesets are complex - they are intentionally so, because it's the only way to account for 100% of all edge cases. If you want a GUI to hide that complexity for you and be right 90% of the time, that's up to you. For 99% of the population, 90% is more than enough; for the typical audience of power tools like pfSense, it's a failure. *But* - if someone wants to offer and maintain a patch to provide that, more power to them. I will absolutely disable it myself (after toying with it and seeing what I'm missing). Yes, I pulled those numbers from the same place the flying monkeys came from.

Even though I've ooohed and aaahed over the niceness of pfSense, I've honestly been considering going back to a raw iptables firewall/router again, simply because there are some very specific tweaks and idiosyncrasies I want that pfSense can't or isn't designed to do. To each their own.

Boogity boogity!

RB
