|
IP Whitelisting
commented on by Aidan Skinner
(Feb 04, 2009).
Comment:
| |
[3:42 pm] |
partychat4 |
["rhs"] aidan: so a <whitelist default-action="">...<rule action=""/>...</whitelist> sort of thing would actually be a blacklist, would it not? |
| |
[3:45 pm] |
aidan.x.skinner |
rhs: yes |
| |
[3:48 pm] |
aidan.x.skinner |
rhs: I've been pondering dropping default-action and just letting having a rule with no match attribute at the end serve that purpouse |
| |
[3:48 pm] |
aidan.x.skinner |
(and default to deny if not specified) |
| |
[3:48 pm] |
partychat4 |
["rob"] but if you have no whitelist at all the default action is allow? |
| |
[3:49 pm] |
aidan.x.skinner |
yeah |
| |
[3:49 pm] |
aidan.x.skinner |
i guess that probably makes allow a more sensible default? |
| |
[3:49 pm] |
aidan.x.skinner |
also, ideas for calling <whitelist> something else would be gratefully recieved |
| |
[3:49 pm] |
partychat4 |
["rob"] I'm not sure there is a sensible default which is why I think you should force the user to set one |
| |
[3:49 pm] |
partychat4 |
["rhs"] accesslist? |
| |
[3:50 pm] |
aidan.x.skinner |
rob: we could demand one empty rule at the end? |
| |
[3:50 pm] |
aidan.x.skinner |
rhs: i thought about that but considered it a little too close to ACL |
| |
[3:51 pm] |
partychat4 |
["rhs"] <firewall>? |
| |
[3:51 pm] |
partychat4 |
["rob"] aidan: I'm pretty relaxed really |
| |
[3:51 pm] |
partychat4 |
["rhs"] <firewall default="deny">...</firewall> might make some sense |
| |
[3:51 pm] |
partychat4 |
["rhs"] er, default-action rather |
| |
[3:52 pm] |
aidan.x.skinner |
firewall sounds reasonable |
| |
[3:52 pm] |
partychat4 |
["rhs"] I'm also fairly relaxed, I just had the urge to mock your usage of the term whitelist. |
| |
[3:52 pm] |
aidan.x.skinner |
it's not a great term really. but greylists are something else again |
| |
[3:53 pm] |
aidan.x.skinner |
whiteandblacklist seemed a little unwieldy |
|
| |
[3:54 pm] |
partychat4 |
["rhs"] but I'm not particularly fussy either way |
| |
[3:54 pm] |
aidan.x.skinner |
firewall is more accurate, i'm going to go with that |
| |
[4:06 pm] |
partychat4 |
["marnie"] honest answers, does anyone here really care about what we call it ? |
| |
[4:07 pm] |
partychat4 |
["marnie"] cos I know some people who do |
| |
[6:13 pm] |
partychat4 |
[jonathan.ro...@gmail.com] i care that what we call it is easy to explain |
| |
[6:13 pm] |
partychat4 |
[jonathan.ro...@gmail.com] i think the sub elements might be <include/> and <exclude/>, i don't know what to call the containing element |
|
|
![]() |
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:commits-subscr...@qpid.apache.org
