I agree with some of the opposition about XML being harder to read. I suggest it mainly because of its ease of deployment. Perl has well-documented, easy-to-use libraries for XML. I'm certainly open to other options, and really just want something easier to use than the large tabular format. Perhaps something custom would work. I have another idea. Pick a constant to (optionally) terminate the end of the rule, such as ";" by itself in any column. Then parse after the ; key-value pairs where COLUMNNAME="value", in my example below:

DNAT    net    loc:10.0.0.1    tcp    80    ;    MARK="88"

Just an arbitrary example, but it might inspire you :)

On 9/25/2011 08:49, Tom Eastep wrote:
On Sun, 2011-09-25 at 01:20 -0700, Christ Schlacta wrote:
I was reading through the config files, and noticed that many of them
would be well suited by being replaced or supplemented with an
(optionally optional) shiny new XML format that would allow the user to
specify only the needed attributes and not have to fill in -s where not
needed.  Would prevent such mishaps as 1-too-many or 1-too-few -s
resulting in entries being placed in the column, and as I understand it
Perl already has simple-to-use XML tools.  Complicated files may end
up longer in some cases, but overall specification of rules would be..
simpler to write and understand, if a bit more verbose.  Examples:

<rule>
<action>DNAT</action>
<source>net</source>
<dest>loc:10.0.0.1</dest>
<proto>tcp</proto>
<port>80</port>
<mark>88</mark>  <!-- this is the line that makes it simpler -->
</rule>
<!-- also, reading this in a console is a lot more intuitive when you come back
6 months later than an ass-ton of columns with no header information (because
it's three page-ups away, not because it's deleted, obviously) -->

I agree that the rules file, in particular, is outgrowing the columnar
format but I am reluctant to accept that XML is the answer. I worry that
if the ruleset is represented in XML, you won't be able to see the
forest for all of the trees.

I'll think about it,
-Tom


------------------------------------------------------------------------------
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security
threats, fraudulent activity, and more. Splunk takes this data and makes
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2dcopy2


_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
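
The `;` plus COLUMNNAME="value" idea from the top message of this thread, sketched as a parser. This is an added example, not code from the poster or from Shorewall: the column names are assumptions borrowed from the XML sample in the thread, and rejecting unknown, duplicate or missing columns is an assumption layered on the proposal so that a misplaced value fails loudly instead of landing in the wrong column.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed column names, taken from the XML sample in the thread;
# not Shorewall's own rules-file definition.
my @POSITIONAL = qw(action source dest proto port);
my %KNOWN      = map { $_ => 1 } (@POSITIONAL, 'mark');

# Parse positional columns, then an optional lone ";" column followed by
# COLUMNNAME="value" pairs. Returns a hashref; dies with a reason on error.
sub parse_rule {
    my ($line) = @_;
    $line =~ s/^\s+|\s+$//g;
    my ($head, $tail) = split /\s+;(?:\s+|$)/, $line, 2;
    $tail //= '';

    my @vals = split ' ', $head;
    die "too many positional columns\n" if @vals > @POSITIONAL;
    my %rule;
    for my $i (0 .. $#vals) {
        # "-" keeps its existing meaning: column left empty
        $rule{ $POSITIONAL[$i] } = $vals[$i] unless $vals[$i] eq '-';
    }

    while ($tail =~ /\G\s*(\w+)="([^"]*)"/gc) {
        my $key = lc $1;
        die "unknown column '$1'\n"   unless $KNOWN{$key};
        die "column '$1' set twice\n" if exists $rule{$key};
        $rule{$key} = $2;
    }
    # Anything left after the last valid pair is an error, not ignored.
    $tail =~ /\G\s*\z/gc or die "unparsable text after ';'\n";

    # Assumption: these three columns are mandatory.
    for my $need (qw(action source dest)) {
        die "missing column '$need'\n" unless defined $rule{$need};
    }
    return \%rule;
}

for my $line (
    'DNAT  net  loc:10.0.0.1  tcp  80  ;  MARK="88"',            # from the thread
    'DNAT  net  loc:10.0.0.1  -    -   ;  PROTO="tcp" PORT="80"', # constructed
    'DNAT  net  loc:10.0.0.1  tcp  80  ;  PORT="8080"',           # constructed: duplicate
    'DNAT  net  loc:10.0.0.1  tcp  80  ;  MRAK="88"',             # constructed: typo
) {
    my $rule = eval { parse_rule($line) };
    if ($rule) { print join(' ', map { "$_=$rule->{$_}" } sort keys %$rule), "\n" }
    else       { print "rejected: $@" }
}
```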
