On Sat, Mar 24, 2007 at 10:50:54AM -0700, Tom Eastep wrote: > The good news: > > a) The compiler has a small disk footprint (although Perl is large). > b) The compiler is very fast. > c) The compiler generates a firewall script that uses iptables-restore; > so the script is very fast.
Now that's nice. There's several more though: - Shell-based parsers are, in a word, stupid. Their ability to parse anything other than character-and-newline-delimited lists is virtually non-existant, and syntax error handling is almost impossible. The new compiler can become a great deal less stupid and remove a lot of the old limits on what can be done (particularly with regards to features that happen entirely at compile-time, like macros). - The code should be hugely simpler to understand (any non-trivial program written in shell spends half the code working around the limitations of shell), which makes it much more practical for random third parties like me to make minor changes. I've tried doing stuff with the shell version before, and gave up because it was just too much effort. - perl -d It also occurs to me that a new approach is going to be needed to replace the old 'shorewall trace'. ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
