> From: Keith E. Lehigh <[email protected]>
> Subject: [Simple-evcorr-users] Questions about Jump rule processing
> To: [email protected]
> Date: Saturday, May 9, 2009, 10:14 PM
> 
> All,
>    I have a couple questions regarding the behavior of Jump rule
> processing.
>    First, if one uses two cfsets in a Jump rule, a successful match in
> the first cfset does not prevent processing in the 2nd ruleset. This is
> the case regardless of the presence of the "continue" option in the
> matching rule in the first cfset. This happens with a Suppress or Single
> rule as the matching rule.
>    Also, failure to match in the given cfsets doesn't result in the entry
> resuming matching at the next rule in the original configuration file.
>    I'm using sec-2.5.1. Thanks for any insight.

hi Keith,
these are not bugs, but features coming from explicit design decisions. I know 
that Jump somewhat resembles a similar iptables feature, but there is one major 
difference. In the case of iptables, the rules in the child chain can terminate 
the search for matching rules. In the case of SEC, the decision has to be made 
at the level of the parent ruleset. If it were done like in iptables, a child 
ruleset could override continue=TakeNext/Goto in the parent rule, which makes 
things quite unclear.
However, the problems you have described can be addressed with the use of 
contexts -- you can set a context in the child ruleset and check for its 
presence in the parent ruleset (or in the following child ruleset), in order to 
find out whether there has been a match.
BR,
risto

> 
> - - Keith
> 
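The context technique described in the reply, sketched as an added example (it is not from the original thread or from the SEC distribution). The file names, the sshd patterns, the cfset name `sshd-rules` and the context name `SSHD_MATCHED` are assumptions chosen for illustration.

```conf
# ---- main.conf (parent ruleset; hypothetical file name) ----

# Hand sshd lines to the child ruleset. The decision to keep going
# is made here in the parent: continue=TakeNext resumes at the next
# rule of this file whether or not a child rule matched.
type=Jump
continue=TakeNext
ptype=RegExp
pattern=sshd\[\d+\]:
cfset=sshd-rules

# Fallback: fires only when no child rule created the marker context.
type=Single
ptype=RegExp
pattern=sshd\[\d+\]: (.+)
context=!SSHD_MATCHED
desc=Unhandled sshd message: $1
action=write - %s

# A child rule matched: clear the marker so that it does not
# influence the processing of the next input line.
type=Single
ptype=RegExp
pattern=sshd\[\d+\]:
context=SSHD_MATCHED
desc=Clear child-match marker
action=delete SSHD_MATCHED

# ---- sshd.conf (child ruleset; hypothetical file name) ----

# Join the cfset named in the Jump rule; procallin=no means this
# file sees input only through Jump rules, not directly.
type=Options
joincfset=sshd-rules
procallin=no

# On a match, record the fact in a context the parent can test.
type=Single
ptype=RegExp
pattern=sshd\[\d+\]: Failed password for (\S+) from (\S+)
desc=Failed SSH login for $1 from $2
action=write - %s; create SSHD_MATCHED
```

With a second cfset listed in the Jump rule, the rules of that second child ruleset can carry `context=!SSHD_MATCHED` to stay silent once the first child has matched.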