Improvement to fw & NAT

kolomalo

Hi all. Perhaps this is not the correct way to do this, so sorry.

would be desirable to use hostnames on NAT and filter rules.

Great job!! Many thanks!!

cmb

you can, via aliases.

kolomalo

@cmb:

you can, via aliases.

MMmmm not. I say to use real hostnames, because exits the posibility that dhcp (or anything else) change the hostname ip.

Captive portal manage hostnames, so I think that is a good idea to use hostnames on fw or nat too.

It's only a suggestion…

Thanks!!!

cmb

Aliases automatically update to new IPs as needed.

kolomalo

@cmb:

Aliases automatically update to new IPs as needed.

mmm if it's true, i'll try this.

Thanks!!

kolomalo

Another improvement is to use "not" on port destination.

For example:  How can I block all connections from one host that's don't use https port destination? (without the need to create two or more rules)