My experimentation with a Perl-based compiler for Shorewall is beginning
to bear fruit. Here is a timing from the main firewall at shorewall.net
using the Perl-based compiler. That compiler generates a script that
uses iptables-restore to configure Netfilter.

[EMAIL PROTECTED]:~/shorewall# shorewall restart .
Compiling...
Shorewall configuration compiled to /var/lib/shorewall/.restart
Restarting Shorewall....
done.
real 0m2.403s
user 0m0.604s
sys 0m0.492s
[EMAIL PROTECTED]:~/shorewall# shorewall show log

Contrast that with the standard 3.4.1 compiler:

[EMAIL PROTECTED]:~/shorewall# time shorewall restart
Compiling...
Shorewall configuration compiled to /var/lib/shorewall/.restart
Restarting Shorewall....
done.
real 0m7.054s
user 0m2.020s
sys 0m2.964s
[EMAIL PROTECTED]:~/shorewall#

The new compiler still uses the shell as its preprocessor to process the
'params' file, expand shell variables in configuration files and to
strip comments from those files. Approximately one second of the elapsed
time occurs before the Perl-based compiler even starts.

The compiler is far from complete -- no 'detect' features are supported
yet. Those will cause the generated script to run quite a bit slower
because the iptables-restore input must be reprocessed in the generated
script to add the rules that result from detected addresses.

Anyone wishing to play with it can do so as follows:

a) Install Shorewall 3.4.1.
b) Get a copy of the trunk/New SVN files.
c) Make a copy of your /etc/shorewall directory.
d) Modify the shorewall.conf file in the copied directory as follows:
   1- Add 'EXPERIMENTAL=Yes'
   2- Modify CONFIG_PATH to include the directory where you placed
      the trunk/New files.

You can now use the copied directory as a testbed for the new compiler
as I've done above (e.g., cd to that directory and specify "." in your
'shorewall' commands).

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
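
Added example, not part of the original message and not Shorewall project code: steps c) and d) above as a shell function that builds the testbed copy without touching the live /etc/shorewall. The function name make_testbed, placing the new directory first on CONFIG_PATH, and the fallback path used when shorewall.conf has no CONFIG_PATH line are assumptions.

```shell
#!/bin/sh
# Added example (hypothetical helper): build a Shorewall testbed directory.
# make_testbed SRC DEST NEWDIR
#   SRC    - existing configuration directory (e.g. /etc/shorewall)
#   DEST   - testbed copy to create (must not exist yet)
#   NEWDIR - directory where the trunk/New files were placed
make_testbed() {
    src=$1 dest=$2 newdir=$3
    conf=$dest/shorewall.conf

    [ -f "$src/shorewall.conf" ] || { echo "no shorewall.conf in $src" >&2; return 1; }
    [ -d "$newdir" ] || { echo "missing directory: $newdir" >&2; return 1; }
    [ ! -e "$dest" ] || { echo "refusing to overwrite $dest" >&2; return 1; }

    # Step c: copy, preserving ownership and modes of the live config.
    cp -a "$src" "$dest" || return 1

    # Step d1: drop any existing EXPERIMENTAL line, then add EXPERIMENTAL=Yes.
    sed '/^[[:space:]]*EXPERIMENTAL=/d' "$conf" > "$conf.tmp"
    echo 'EXPERIMENTAL=Yes' >> "$conf.tmp"

    # Step d2: read the current CONFIG_PATH (quotes stripped), then remove it.
    if grep -q '^[[:space:]]*CONFIG_PATH=' "$conf.tmp"; then
        old=$(sed -n 's/^[[:space:]]*CONFIG_PATH=//p' "$conf.tmp" | tail -n 1 | tr -d "\"'")
        sed '/^[[:space:]]*CONFIG_PATH=/d' "$conf.tmp" > "$conf.tmp2"
        mv "$conf.tmp2" "$conf.tmp"
    else
        old=/etc/shorewall:/usr/share/shorewall   # assumed stock default
    fi

    # Add NEWDIR once; putting it first is an assumption, adjust if needed.
    case ":$old:" in
        *":$newdir:"*) new=$old ;;
        *) new=$newdir:$old ;;
    esac
    echo "CONFIG_PATH=$new" >> "$conf.tmp"

    # Write back through the copied file so it keeps its mode and owner.
    cat "$conf.tmp" > "$conf" && rm -f "$conf.tmp"
}
```

After it succeeds, cd to the new directory and pass "." to the 'shorewall' commands as described in the message.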