On Mon, Oct 29, 2007 at 10:45:35AM +1000, Paul Gear wrote:
> My question is: how many people would actually prefer and use the newer
> syntax? The cleanness of rules is one of Shorewall's major draws. I
> would personally rather maintain the clean-looking rules file and wear
> the fact that some of the config is in the action. The number of port
> knocking rules on any given firewall is likely to be 0 or 1, so it
> doesn't seem like a big win for me. Perhaps another example of its use
> might be more convincing... ;-)

I used the port knocking one because it's an example that people will recognise, and because I could do it by making minor adjustments to the sample code in the article - it's not the most amazing improvement, but it does neatly demonstrate all of the new features.

It's something of a corner case - but then, the whole point of this feature set is corner cases. It's not something that you would frequently use, it's something that you use when shorewall's normal behaviour doesn't cut it, most likely because you're doing something new that nobody's thought of before. It's always difficult to dream up good examples of stuff you haven't thought of yet.

As far as pure syntax goes, I can do better, but it wouldn't be a very nice example. I'd have to do some creatively evil preprocessing, either by overriding eval or with something from the Filter:: namespace. It would certainly be possible to extend shorewall in this way, but that's not really the intended purpose of this feature. If you want to add something new to shorewall with really neat syntax, that's why you have the source.

This one is in the domain of "tools to create crude but workable solutions to problems that otherwise would be painful or impossible to solve". It's also a workaround for awkward limitations like the one that sparked this thread.
