WallFire Frequently Asked Questions (FAQ)
1. Why is there a difference between groups and inline groups?
Answer:
First, be sure to read the description of groups and inline groups.
The notion of a group exists in nearly every firewalling backend
WallFire uses. Inline groups, however, are mostly a WallFire thing:
they let you write your own macros, optionally with arguments.
Note that the rules contained in a macro (inline group) do not
need to contain a target, because inline groups are substituted
directly into the rules that use them.
WallFire ships with a set of powerful macros that cover many common
cases (such as DNS access with requests only or zone transfers, Web
proxy access, etc.), and you can create your own reusable ones.
Answer: Because it is not desirable, or not always possible, to rely on the runtime configuration (stored in the kernel). Although this may seem redundant in some cases, it makes it possible to detect any inconsistency (including undesired changes) in the runtime configuration.
Answer:
WallFire is intended to be used by a large audience. It generates
implicit rules for those who care so little about firewalling that
they probably would not install a firewall at all unless they had
firewall software that keeps things as simple as possible.
But it will also feature a non-implicit mode for those who want one,
and specialists will always have the choice to use the underlying
native firewalling system if they want, including by taking the
generated template as a starting point.
Answer: It's always the same debate:
Note: this page is generated by a template. Be aware of this before submitting patches containing formatting information against this page.