Rules by order?
@donny the question is why? Firewalla has built a system that I think can be summarized in a nutshell as:
- Focus on simplicity. Don't require users to be Cisco certified.
- Deliver a powerful solution that is easy to use.
Could Firewalla have made other design decisions? There are certainly other options they could have pursued such as having the user prioritize rules as you suggest. But at this point in time, if I were Firewalla I would ask myself, "What can't users do that they are asking to do?" Not how but what. Having users prioritize rules is a how. What can't a user do now that is missing? Changing the how without a compelling reason is just a mess for users and a support nightmare. It is also a costly development exercise.
I have not found anything that can't be accomplished with the current system. That's why I asked you what is missing. I don't necessarily advise this in general, but today you could:
Disable the default Block All Ingress rule or use the DMZ to default allow all traffic and then use discrete denies.
That seems to satisfy at least part of what you are asking for. Or am I missing something?