Noel Jones:
> No, of course not. You perform the restriction twice; the warn_if_
> is log-only, the second is live. You can do this now with
> warn_if_reject reject_rbl_client list.dnswl.org to log the hit.
>
> > I think I prefer Wietse's implementation idea.
>
> Yes, very useful general solution. I would use it.
In summary, there are two orthogonal features that should not be
mixed up:
- routine logging, which currently does not exist for permit actions.
This requires one-time infrastructure code for "permit" logging,
and calls to that infrastructure from a half-dozen strategic places
(number of calls proportional to number of features).
- warn-if logging, which one uses to test a feature before deployment.
This takes a few lines of one-time infrastructure code.
I have invested 2 hours to determine in detail what changes are
needed to implement routine logging for permit actions, mostly in
the part that is proportional to the number of features. Implementing
routine permit logging would take a similar amount, and testing
another couple hours.
warn-if-permit logging is something that could be added later,
simply by cloning a few lines of code from warn-if-reject.
Wietse
