Re: [Fwbuilder-discussion] adding a single rule to an fwbuilder-generated firewall?
From: snowcrash+fwbuilder <sch...@gm...> - 2006-12-27 06:41:45
> option #1:
>
> add a branching rule at the very top of the policy, with a simple
> chain name of your choice. Do not create any rules in that branch in
> the GUI. Then, when you want to block some address quickly, use
> command similar to the one you quoted except put the rule in the
> chain you defined.

this will do nicely. thanks.

> option #2:
>
> use run-time address table object. Then, when you want to block some
> address, you add it to the file on the firewall and re-run firewall
> script again to make it read the file and use new address. Note that
> if you were using PF, you could use this method and just reload the
> table without reloading the whole policy. With iptables, script
> generated by fwbuilder reads addresses from the file and executes
> iptables commands for each one, so you have to rerun the script.

i keep bumping into comments like "if you used PF you could ...". i'm
beginning to think it's well worth a serious look.

thanks again!
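
An added example, not part of the original message and not the script fwbuilder generates: it combines the two quoted options by reading a block list file and printing the iptables commands that refill a dedicated chain, rejecting any entry that is not a plain IPv4 address or CIDR. The chain name `QUICKBLOCK` and the file format (one address per line, `#` comments) are assumptions, and the branching rule that jumps to the chain is assumed to exist in the policy already.

```shell
#!/bin/sh
# Added example. QUICKBLOCK (chain name) and the file format are assumptions.

# Return 0 only for a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_ipv4() {
    addr=${1%%/*}
    case $1 in */*) plen=${1#*/} ;; *) plen=32 ;; esac
    case $plen in ''|*[!0-9]*) return 1 ;; esac
    [ "${#plen}" -le 2 ] && [ "$plen" -le 32 ] || return 1
    # Only digits and dots; no leading, trailing or doubled dots.
    case $addr in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    oldifs=$IFS; IFS=.
    set -- $addr                      # split the address into octets
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    return 0
}

# Print (do not execute) the commands that rebuild the chain from the file.
# Review the output, then pipe it to sh as root to apply it.
gen_block_rules() {
    file=$1
    chain=$2
    echo "iptables -F $chain"         # empty only this chain, not the policy
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}              # strip trailing comment
        line=$(printf '%s' "$line" | tr -d ' \t\r')
        [ -n "$line" ] || continue
        if valid_ipv4 "$line"; then
            echo "iptables -A $chain -s $line -j DROP"
        else
            echo "skipping invalid entry: $line" >&2
        fi
    done < "$file"
}

# Constructed sample block list (documentation address ranges).
sample=$(mktemp)
printf '%s\n' '# constructed sample' '192.0.2.10' \
    '198.51.100.0/24 # scanner' '300.1.1.1' > "$sample"
gen_block_rules "$sample" QUICKBLOCK
rm -f "$sample"
```

Because only the dedicated chain is flushed and refilled, the rest of the generated policy stays loaded while the block list changes.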