Perhaps a format similar to BIND or dhcpd would be more beneficial?
On 09/25/2011 08:49 AM, Tom Eastep wrote:
On Sun, 2011-09-25 at 01:20 -0700, Christ Schlacta wrote:
I was reading through the config files, and noticed that many of them
would be well suited by being replaced or supplemented with an
(optionally optional) shiny new XML format that would allow the user to
specify only the needed attributes and not have to fill in -s where not
needed. Would prevent such mishaps as 1-too-many or 1-too-few -s
resulting in entries being placed in the column, and as I understand it
perl already has simple to use XML tools. Complicated files may end
up longer in some cases, but overall specification of rules would be..
simpler to write and understand, if a bit more verbose. Examples:
<rule>
<action>DNAT</action>
<source>net</source>
<dest>loc:10.0.0.1</dest>
<proto>tcp</proto>
<port>80</port>
<mark>88</mark> <!-- this is the line that makes it simpler -->
</rule>
<!-- also, reading this in a console is a lot more intuitive when you
come back
6 months later than an ass-ton of columns with no header information
(because
it's three page-ups away, not because it's deleted, obviously -->
I agree that the rules file, in particular, is outgrowing the columnar
format but I am reluctant to accept that XML is the answer. I worry that
if the ruleset is represented in XML, you won't be able to see the
forest for all of the trees.
I'll think about it,
-Tom
------------------------------------------------------------------------------
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security
threats, fraudulent activity, and more. Splunk takes this data and makes
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2dcopy2
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
------------------------------------------------------------------------------
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security
threats, fraudulent activity, and more. Splunk takes this data and makes
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2dcopy2
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
