* Marc Heuse wrote on Thu, Sep 07, 2000 at 21:40 +0200:
I already thought heavily about adding "hooks" where people can plugin customized rules. But I realized, that it is hopeless - where should they be loaded. The problem is, that the firewals script tries to be perfect, hence the rulesetup is pretty complicated. no easy way to make a hook somewhere which will sattisfy more than 50% of the people who want this feature I think.
Not really a hook, but maybe an idea. My firewall script uses a conf-file. In that conf file may be user-defined rules, which are set up first (and take precedence). Such a rule may look like #syntax: (net/mask|ip):[port[-port] <this again> <proto> <ipchains parameter> forward: 192.168.1.0/24:1024-1050 192.168.0.0/24:ssh tcp -j ACCEPT It's a very technical format but it (should) allows to set anything what's needed. I found it very useful i.e. when enabling ipsec. But maybe I misunderstood the problem of the "hooks" here completly... oki, Steffen -- Dieses Schreiben wurde maschinell erstellt, es trägt daher weder Unterschrift noch Siegel.