Brian J. Murrell wrote:
I've thought of that approach (adding a provider option)You mean a new field/option to the provider table, yes?
Yes -- a new option.
but what happens if part of the entries have the new option and part don't?s/part/some/ i.e. so some providers entries have the "override main routing" and some don't? I think that case is actually the more clear case. In that case, we can deduce that the user has actually chosen to use the new functionality.
The issue is not trying to figure out what the user wants but rather what should happen. We can't leave the user's default route(s) in the main table; about all we can do is to try to move it (them) to the default table, I guess.
I wonder if we could/should have a shorewall.conf feature (default to off of course) for this new behaviour.
That's what my current prototype does (option is named ROUTING_NG but I'm not particular happy with that name). But I think that is the safest thing to do.
At least through a transition to a new major release that requires this new behaviour. Or do your release standards forbid any new release to require user intervention to adopt some new/changed functionality?
We generally *require* the user to explicitly enable new functionality (no gain, no pain).
One thing that bothers me about this whole thing is that it trades one sharp edge for another. In the current scheme, applications that add non-default routes to the main table are a problem; although it is the application itself that doesn't work, not the router as a whole. In the ROUTING_NG configuration, having a default route unexpectedly added to the main table is a disaster; it can isolate the firewall/router entirely. I'm not sure that I want to give users that much rope to hang themselves.
-Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW! Studies have shown that voting for your favorite open source project, along with a healthy diet, reduces your potential for chronic lameness and boredom. Vote Now at http://www.sourceforge.net/community/cca08
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
