On 4/7/13 6:54 PM, "Mr Dash Four" <mr.dash.f...@googlemail.com> wrote:
> >> Are there particular Shorewall configuration files that you require this >> feature in? >> >The most pressing need, at least for the time being, is 'rules' and >'blrules'. Later on, 'masq' and probably 'conntrack'. The last bit >(which currently is in my 'nice-to-have' list) is the whole range of >traffic-shaping, but that is way off (we are talking probably a couple >of months). > >I need to take advantage of the state and chain auto-naming in >shorewall. In other words, to let shorewall determine which chain (and >in which state since that can be specified in 'rules' and 'blrules') to >place this inline statement in and for me to just write it out. Again >though, I am not really bothered if I don't have any >optimisation/error-checking as such - if there is a screw-up in that >inline statement, I am going to accept that. Is this doable? It is doable, and optimization will happen automatically. The biggest effort will be in parsing. Because of the tabular format of the Shorewall files, the rules compiler doesn't have a LR lexical analyzer. It rather splits the line on whitespace and then analyzes each 'column'. So embedded whitespace in the contents of a column is problematic. The code already has to deal with a similar problem when parsing the parameters to a action where it is splitting the parameters on commas, so no new algorithm should be needed. -Tom You do not need a parachute to skydive. You only need a parachute to skydive twice. ------------------------------------------------------------------------------ Minimize network downtime and maximize team effectiveness. Reduce network management and security costs.Learn how to hire the most talented Cisco Certified professionals. Visit the Employer Resources Portal http://www.cisco.com/web/learning/employer_resources/index.html _______________________________________________ Shorewall-devel mailing list Shorewall-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-devel
