On Fri, Oct 26, 2007 at 11:11:53AM -0700, Tom Eastep wrote: > I'll have to think about this proposal. I don't believe that I can just > suddenly de-implement Macros in Shorewall-perl so I would need to add the > 'function' capability in an upwardly-compatible way.
It should be fairly simple to accomplish that - but I really haven't thought about the problem for any longer than it took to write that mail, it's just a sketch of one possible approach. The basic goal is straightforward: there's no good reason for the limitations of the macro system, and tossing a Turing-complete language in there pretty much eliminates them with a minimum of effort. I'd be happy with anything that I can (ab)use to implement: foreach i in x,y,z: ACCEPT fw $i tcp ssh (I get tired of endlessly pasting lines to accomplish the same thing) > FWIW, the reason that macro's don't support ORIGINAL DEST is that > they can be used in both the rules file and in action bodies. I > chose to make macros support the least common denominator of those > two. Any solution along these lines should completely subsume/eliminate the need for actions - it's more of a least common multiple, combining all the capabilities of both into one coherent and simple operation. That does indicate that the syntax I sketched out is inadequete (on reflection I don't much like it anyway). ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
