Ed W wrote: > >> Actually, I'd like to go one step further and suggest to not bring >>> this extra overhead into the project. It is a clear example of > >> putting the cart in front of the horse.
> > I agree. Shorewall is easy to configure; all xml would do is make it >> harder. If somebody thinks this is not the case, they need to learn >> how to use an editor. GUI is an unnecessary additional layer of >> abstraction, a potential source of errors, an expanded attack surface, > > and a maintenance burden. >You are missing the point that not all config files are written by >humans... To highlight the point, consider the ratio of html websites >written by humans vs database driven (or other cgi built sites). cgi >generated sites dominate by a massive proportion. Actually the point hasn't been missed. The config file format is quite simple and easily generated from <some other system> if you want to do that. The suggestion above is simply to keep Shorewall as it is, and if someone wants something more complicated then they can script it. However, for things like shorewall, I think you'll find the majority of configs are hand edited, and the comparison with HTML is completely bogus since there is no comparison whatsoever with the level of non-complexity found in a typical shorewall config. >Personally I don't dig xml all that much, but sometimes it makes sense >to store data in a particular format. eg many applications find either >sql or ldap storage useful for common centralisation of configs. Others >find json (or yaml) useful for integrating with web applications. XML >has it's place also And no-one is stopping you from doing that. You can store your config in anything you like. All you have to do is write a script/query that will generate Shorewall's config files - just as you'd have to write a script/query o generate the much more complex XML some people are suggesting. So I'm all for Tom keeping Shorewall just as it is. The config files are easy to work with as a human, and simple enough to machine generate for those that want to do it. -- Simon Hobson Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed author Gladys Hobson. Novels - poetry - short stories - ideal as Christmas stocking fillers. Some available as e-books. ------------------------------------------------------------------------------ All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2dcopy2 _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
