CIS enhancement suggestions

For the next major version:

  • Create a user-modifiable database of individual rules instead of having to write the same rule over and over again for each “custom” policy.
  • Add DNS resolution to firewall rules so sites can be named as an alternative to having to specify IP addresses. While this may slow down network access when such rules are triggered, it will also make blocking or allowing specific sites with multiple automatic mirrors (such as Microsoft’s) much easier.

For the current and future versions:

  • In the predefined firewall policies, add “Newsgroup Client” (same as “Mail Client” but accesses NNTP ports instead of the POP and SMTP ones), “Mail and News Client” (adds NNTP ports to “Mail Client”) and “RSS Client” (same as “Web Browser” but without FTP). Also “Update Checker”, which only requires access to HTTP ports and DNS.

  • In the installer, add the ability to load a previously saved configuration. In the uninstaller, add the ability to backup the current configuration. This will save a lot of time when reinstalling a system from scratch (or deploying to multiple machines in a LAN).

  • In D+ Common Tasks, add “File Groups” as a specific task (there happens to be one free slot in the default size window ;))