Since IPSEC uses different protocols from the standard
tcp/udp/icmp, the 'all' tag under the ipf rulesets
doesn't cover them.
When creating rules, it would be nice if there was a
warning either at ruleset compile time.. or from the
gui .. when/if a user made an IPSEC rule that wasn't
bi-directional. This would help users catch errors in
Perhaps a future feature.. allowing some hooks in the
objects that would be evaluated at or prior to compile
time for specific rules. I know this is a BIG change..
but could potentially prevent a lot of stupidity.
Simple things that checked bidirectionality for protocols
that are typically that way .. ssh, etc. Or warned a
user if they enabled IRC .. but didn't enable the
functionality to do file sends/receives. Etc.
I envision a checking program that perhaps could/would
be separate from the compiler that would check the
rationality of the .XML file.
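A minimal version of the checker sketched above, added here as an example and not the poster's or fwbuilder's own code: the XML layout, the attribute names and the sample rules are constructed stand-ins, not the real .XML format, and the set of IPsec protocols it looks for is an assumption.

```python
"""Lint a ruleset XML for IPsec rules that have no reverse-direction rule.

Added example; the <Rule> layout below is a constructed stand-in for the
real ruleset .XML file and not fwbuilder's actual schema.
"""
import xml.etree.ElementTree as ET

# Assumed set of protocols an IPsec tunnel needs: ESP, AH and ISAKMP (udp/500).
# Per the post, a blanket 'all' rule in the ipf rulesets does not cover these,
# so an 'all' rule is deliberately not accepted as the mirror of an IPsec rule.
IPSEC_PROTOS = {"esp", "ah", "udp/500"}

# Constructed sample ruleset: the AH pair is complete, but the ESP and ISAKMP
# rules exist only in the outbound direction.
SAMPLE_XML = """
<Ruleset>
  <Rule id="1" direction="out" proto="esp"     src="10.0.0.1"   dst="192.0.2.10"/>
  <Rule id="2" direction="out" proto="ah"      src="10.0.0.1"   dst="192.0.2.10"/>
  <Rule id="3" direction="in"  proto="ah"      src="192.0.2.10" dst="10.0.0.1"/>
  <Rule id="4" direction="in"  proto="all"     src="any"        dst="any"/>
  <Rule id="5" direction="out" proto="udp/500" src="10.0.0.1"   dst="192.0.2.10"/>
</Ruleset>
"""


def parse_rules(xml_text):
    """Return each <Rule> element as a dict of its attributes."""
    root = ET.fromstring(xml_text)
    return [dict(rule.attrib) for rule in root.iter("Rule")]


def find_one_way_ipsec(rules):
    """Return ids of IPsec rules whose mirror (swapped direction, src, dst) is absent."""
    present = {(r["direction"], r["proto"], r["src"], r["dst"]) for r in rules}
    warnings = []
    for r in rules:
        if r["proto"] not in IPSEC_PROTOS:
            continue
        mirror_dir = "in" if r["direction"] == "out" else "out"
        if (mirror_dir, r["proto"], r["dst"], r["src"]) not in present:
            warnings.append(r["id"])
    return warnings


if __name__ == "__main__":
    for rule_id in find_one_way_ipsec(parse_rules(SAMPLE_XML)):
        print(f"warning: rule {rule_id} is an IPsec rule with no reverse-direction rule")
```

Run against the sample it flags rules 1 and 5, which is exactly the one-directional IPsec mistake the post wants caught before compile time.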